Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Frappe Framework

Source -

CNA

CNA CVEs -

12

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
12Vulnerabilities found
CVE-2026-50712
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.8||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 15:26
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50711
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 15:18
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50710
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 15:08
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50709
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.8||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 15:04
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50708
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.8||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:58
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Multi Select Dialog result rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50705
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:51
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Form Dashboard headline rendering

A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50704
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:46
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Reflected/Stored XSS in File View breadcrumbs rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50703
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.8||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:42
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50701
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-5.1||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:33
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Reflected DOM XSS in dashboard-view breadcrumb rendering

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50700
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:27
Updated-24 Jun, 2026 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in frappe.get_avatar image rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50699
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:20
Updated-24 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Auto Repeat dashboard schedule rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-50698
Assigner-Fluid Attacks
ShareView Details
Assigner-Fluid Attacks
CVSS Score-4.6||MEDIUM
EPSS-Not Assigned
Published-24 Jun, 2026 | 14:17
Updated-24 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Frappe Framework 17.0.0-dev - Stored XSS in Audit Trail template rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component.

Action-Not Available
Vendor-Frappe
Product-Frappe Framework
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')