CVE-2026-25956
Frappe Affected by XSS and Open Redirect in Sign Up
Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect (or reflected XSS, depending on the crafted payload) when a user signs up. This vulnerability is fixed in 14.99.14 and 15.94.0.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
frappe · frappeQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →