Frappe 12.0.1 Security Vulnerabilities
Frappe Framework 12 and 13 do not properly validate the HTTP method for the frappe.client API.
CVSS Score: 5.3
EPSS Score: 0.009
Published: 2020-12-11
In two-factor authentication, the system also sends the 2FA secret key in the response, which enables an intruder to breach the 2FA security.
CVSS Score: 7.5
EPSS Score: 0.013
Published: 2020-12-11
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
CVSS Score: 6.1
EPSS Score: 0.009
Published: 2019-08-27
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.
CVSS Score: 9.8
EPSS Score: 0.026
Published: 2019-08-12
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
CVSS Score: 8.8
EPSS Score: 0.017
Published: 2019-08-12

