A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The name of the patch is bfab7191543961c6cb77fe267063877c31b616ce. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213560.
CVSS Score
3.5
EPSS Score
0.003
Published
2022-11-14
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-12-11
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.
CVSS Score
9.8
EPSS Score
0.018
Published
2019-08-12
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
CVSS Score
8.8
EPSS Score
0.01
Published
2019-08-12
Page 3