VYPR
Unrated severity · NVD Advisory · Published Jun 30, 2025 · Updated Jun 30, 2025

Frappe authenticated XSS via data import

CVE-2025-52896

Description

Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.


Affected products

2
  • Frappe/Frappe (llm-fuzzy, 2 versions)
    <14.94.2 or <15.57.0
    • (no CPE) range: <14.94.2 or <15.57.0
    • (no CPE) range: <15.57.0

References

4
