CVE-2025-52896 Information

Jul 01, 2025 cve

Description

Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0 authenticated users could upload carefully crafted malicious files via Data Import leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.

Reference

https://github.com/frappe/frappe/commit/152fd09de5bca16b8d299d715a1f5df6fca3866f https://github.com/frappe/frappe/commit/f11c53d4df745b58bd1c1c08e1634a2f5a55322a https://github.com/frappe/frappe/pull/31483 https://github.com/frappe/frappe/security/advisories/GHSA-hv29-66qg-2v6p

CNNVD-202506-3780 (Published: 2025-06-30)

Share on:

CVE-2025-52896 Information

Description

Reference

Related CNNVD