
frappe — Vulnerabilities & Security Advisories (70)

Browse all 70 CVE security advisories affecting frappe. Each entry carries an AI-generated Chinese analysis, PoCs where available, and references for the vulnerability.

| CVE ID | Title | Component | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41430 | Press vulnerable to reflected XSS on login redirection | press | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41317 | Frappe Press has an unsafe HTTP method / CSRF-adjacent issue on API secret generation | press | CWE-352 | 8.8 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-3837 | Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters | Frappe | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-3673 | Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer | Frappe | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41320 | Frappe HR has possibility of SQL Injection due to improper field sanitization | hrms | CWE-89 | 6.5 | Medium | 2026-04-21 |
| CVE-2026-40889 | Frappe HR has Improper Access Control on Files | hrms | CWE-284 | 6.5 | Medium | 2026-04-21 |
| CVE-2026-40888 | Frappe HR vulnerable to Improper Access Control | hrms | CWE-284 | 6.5 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-39415 | Frappe Learning Management System has Client-Side Manipulation of Quiz Scores | lms | CWE-602 | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39351 | Frappe allows unrestricted Doctype access via API exploit | frappe | CWE-862 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-35614 | Frappe has a SQL injection in bulk_update | frappe | CWE-89 | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-34606 | Stored XSS in Frappe LMS | lms | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-32954 | ERP has a possible SQL Injection vulnerability due to missing validation | erpnext | CWE-89 | 7.1 | High | 2026-03-20 |
| CVE-2026-31879 | Frappe Workspace modification and stored XSS due to improper resource ownership checks | frappe | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31878 | Frappe: Possible SSRF by any authenticated user | frappe | CWE-918 | 5.0 | Medium | 2026-03-11 |
| CVE-2026-31877 | Frappe SQL Injection due to improper field sanitization | frappe | CWE-89 | 7.5 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-29081 | Frappe: Possibility of SQL Injection due to improper fieldname sanitization | frappe | CWE-89 | 6.5 | Medium | 2026-03-05 |
| CVE-2026-29077 | Frappe: Broken Access Control in DocShare | frappe | CWE-284 | 7.1 | High | 2026-03-05 |
| CVE-2026-28436 | Frappe: Stored XSS in avatar_macro.html | frappe | CWE-79 | 5.4 | - | 2026-03-05 |
| CVE-2026-27471 | ERP: Document access through endpoints due to missing validation | erpnext | CWE-862 | 4.3 (AI) | Medium (AI) | 2026-02-21 |
| CVE-2026-26977 | Frappe Learning Management System exposes details of unpublished courses to unauthorized users | lms | CWE-862 | 4.3 | - | 2026-02-20 |
| CVE-2026-26031 | Frappe LMS: unauthorised user was able to access the full list of batch-enrolled students | lms | CWE-863 | 5.3 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2026-25956 | Frappe Affected by XSS and Open Redirect in Sign Up | frappe | CWE-601 | 6.1 | Medium | 2026-02-10 |
| CVE-2026-23497 | Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages | lms | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-68953 | Certain Frappe requests are vulnerable to Path Traversal | frappe | CWE-22 | 7.5 | High | 2026-01-05 |
| CVE-2025-68929 | Frappe may be vulnerable to remote code execution due to server-side template injection | frappe | CWE-1336 | 9.1 | Critical | 2025-12-29 |
| CVE-2025-68928 | Frappe CRM vulnerable to authenticated XSS via website field | crm | CWE-79 | 5.4 | Medium | 2025-12-29 |
| CVE-2025-67734 | Frappe Authenticated Users can Execute JavaScript through its Job Form | lms | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-67730 | Frappe authenticated users can execute XSS through form description fields | lms | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-10655 | Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data | Frappe HelpDesk | CWE-89 | 8.8 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-66581 | Frappe LMS is Missing Server-Side Authorization in Business Logic | lms | CWE-863 | 8.8 | - | 2025-12-05 |

Key: Component is the Frappe app the advisory is filed against (frappe, erpnext, hrms, lms, crm, press, Frappe HelpDesk). A CVSS score or severity marked (AI) is tagged as AI-generated on the source page rather than taken from the advisory; "-" means no severity was listed.

This page lists every published CVE security advisory associated with frappe; the 30 most recent of the 70 appear above. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. An AI-generated Chinese analysis is provided for fast triage.