Security: frappe/frappe
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
- File Permissions can be bypassed using certain endpoints (GHSA-hq5v-q29v-7rcw), published Mar 20, 2024 by ankush. Severity: High
- SQL Injection from reporting logic (GHSA-fxfv-7gwx-54jh), published Mar 20, 2024 by ankush. Severity: Critical
- Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages (GHSA-7p3m-h76m-hg9v), published Feb 6, 2024 by ankush. Severity: Moderate
- frappe.flags.in_safe_exec can become False while executing a Server Script (GHSA-v3vh-7qx4-f582), published Dec 18, 2023 by ankush. Severity: Moderate
- HTML injection in printview (GHSA-v248-pv3c-jvgw), published Feb 6, 2024 by ankush. Severity: Moderate
- Cross-Site Scripting (XSS) Attack on exceptions and Blog Page (GHSA-439c-3956-r8q7), published Dec 11, 2023 by ankush. Severity: Moderate
- Possible HTML injection by any Desk user (GHSA-j2w9-8xrr-7g98), published Oct 21, 2023 by ankush. Severity: Moderate
- Error logs could potentially leak secrets (GHSA-38fg-mjcm-3hc6), published Aug 17, 2023 by ankush. Severity: Moderate
- Possible HTML Injection attack (GHSA-4jj9-5vgc-gc4j), published Aug 28, 2023 by ankush. Severity: Low
- Possibility of limited SQL injection due to insufficient validation (GHSA-53wh-f67g-9679), published Sep 6, 2023 by ankush. Severity: Moderate