Frappe: >> Frappe Crm Security Vulnerabilities
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-29
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.
This issue affects Frappe CRM: 1.53.1.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-26