Unrated severity · OSV Advisory · Published Dec 29, 2025 · Updated Dec 29, 2025
Frappe CRM vulnerable to authenticated XSS via website field
CVE-2025-68928
Description
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.
References
- github.com/frappe/crm/commit/c5766d9989131d17d954e866bfc4b8d3b23e4f10
- github.com/frappe/crm/releases/tag/v1.56.2
- github.com/frappe/crm/security/advisories/GHSA-fm34-v6j7-chwc