Low severityOSV Advisory· Published Oct 23, 2024· Updated Apr 15, 2026

CVE-2024-49751

Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would only affect themselves and would not affect other users. Commit 5d118a902872d7941f099ad1fb918e2421e79ccd patches this bug.

Affected products

Frappe/PressOSV

Patches

5d118a902872

https://github.com/frappe/pressvia osv

commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/frappe/press/commit/5d118a902872d7941f099ad1fb918e2421e79ccdnvd
github.com/frappe/press/security/advisories/GHSA-rf69-h96f-rf2jnvd

News mentions

No linked articles in our index yet.

cvss	0.065
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000