Security Advisory

CVE-2023-46127

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-23 14:29:01
Last updated 2024-09-11 15:23:48
Assigner GitHub_M
State PUBLISHED

Description

Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client-side library. A malicious Frappe user with desk access could create documents containing HTML payloads, allowing HTML injection. This vulnerability has been patched in version 14.49.0.