Medium severity5.4NVD Advisory· Published Apr 22, 2026· Updated May 12, 2026
CVE-2026-3673
CVE-2026-3673
Description
An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
1- fluidattacks.com/es/advisories/silvionvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.