Exposure of Frappe

Category: Web frameworks
Exposure score: 45
Sites use: 472
Exploited: 0
Critical: 3

CVEs

48 results
CVE-2023-46127 [MEDIUM]: Frappe vulnerable to HTML injection by any Desk user (EPSS 37.0%)
CVE-2026-39352 [HIGH]: Frappe has an Arbitrary File Read via Path Traversal in render_include (EPSS 1.3%)
CVE-2022-23055: ERPNext - Improper user access control (EPSS 1.1%)
CVE-2022-41712 [MEDIUM]: Frappe version 14.10.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does n (EPSS 0.9%)
CVE-2022-23058: ERPNext - Stored XSS in My Settings (EPSS 0.8%)
CVE-2024-24813 [HIGH]: Frappe SQL Injection from reporting logic (EPSS 0.6%)
CVE-2025-30213 [MEDIUM]: Frappe has Possibility of Remote Code Execution due to improper validation (EPSS 0.6%)
CVE-2024-27105 [HIGH]: Frappe File Permissions can be bypassed using certain endpoints (EPSS 0.6%)
CVE-2022-3988 [LOW]: Frappe Search navbar_search.html cross site scripting (EPSS 0.6%)
CVE-2022-23057: ERPNext - Stored XSS in My Profile (EPSS 0.6%)
CVE-2024-34074 [MEDIUM]: Frappe vulnerable to an open redirect on login page (EPSS 0.6%)
CVE-2023-41328 [MEDIUM]: Possibility limited SQL injection due to insufficient validation in Frappe (EPSS 0.4%)
CVE-2025-68929 [CRITICAL]: Frappe may be vulnerable remote code execution due to server-side template injection (EPSS 0.4%)
CVE-2025-30212 [MEDIUM]: Frappe has possibility of SQL injection due to improper validations (EPSS 0.4%)
CVE-2025-52898 [HIGH]: Frappe account takeover via password reset token leakage (EPSS 0.4%)
CVE-2024-24812 [MEDIUM]: Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages (EPSS 0.4%)
CVE-2025-30214 [HIGH]: Frappe vulnerable to information disclosure leading to account takeover (EPSS 0.4%)
CVE-2025-68953 [HIGH]: Certain Frappe requests are vulnerable to Path Traversal (EPSS 0.4%)
CVE-2025-52895 [HIGH]: Frappe possibility of SQL injection due to improper validations (EPSS 0.3%)
CVE-2025-55731 [MEDIUM]: Frappe has the possibility of Authenticated SQL Injection due to improper validations (EPSS 0.3%)
