Unrated severity · NVD Advisory · Published Feb 7, 2024 · Updated Aug 1, 2024
Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages
CVE-2024-24812
Description
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client-side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS), which can be used to inject malicious JS code if a user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.
References
- github.com/frappe/frappe/releases/tag/v14.59.0 (mitre, x_refsource_MISC)
- github.com/frappe/frappe/releases/tag/v15.5.0 (mitre, x_refsource_MISC)
- github.com/frappe/frappe/security/advisories/GHSA-7p3m-h76m-hg9v (mitre, x_refsource_CONFIRM)