Medium severity 6.1 · NVD Advisory · Published Apr 24, 2026 · Updated Apr 30, 2026

CVE-2026-41430

Description

Press is a Frappe custom app that runs Frappe Cloud and manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The redirect parameter on the login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting redirects to internal URLs only.
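
One way to restrict a login redirect parameter to internal URLs, as the description says the fix does. This is an added example, not the code from the Press commit; the function name `safeRedirectTarget`, the placeholder origin and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not the Press patch): accept only same-origin, path-absolute
// redirect targets and fall back to a fixed page for everything else.
const APP_ORIGIN = "https://dashboard.example.invalid"; // constructed placeholder

function safeRedirectTarget(raw, fallback = "/") {
  if (typeof raw !== "string" || raw.length === 0) return fallback;

  // Control characters and backslashes are normalised by browsers in ways
  // that can turn an apparent path into another host or scheme.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  // Require a path-absolute reference: this excludes any scheme
  // (javascript:, data:, https:) and protocol-relative "//host" forms.
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;

  let url;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return fallback;
  }

  // Defence in depth: the resolved URL must still be on our own origin.
  if (url.origin !== new URL(APP_ORIGIN).origin) return fallback;

  // Return only the normalised path, query and fragment, never the raw input.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs covering the internal case and common bypass shapes.
const SAMPLES = [
  "/dashboard/sites?tab=1",
  "javascript:void(0)",
  "//other.example/x",
  "https://other.example/",
  "/\\other.example",
];

function checkSamples() {
  return SAMPLES.map((s) => [s, safeRedirectTarget(s)]);
}

console.log(checkSamples());
```

The caller should navigate only to the returned value; writing the raw parameter into `window.location` or an `href` is what allows a script-scheme URL to execute.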

Affected products

  • Frappe/Press (2 versions)
    • cpe:2.3:a:frappe:press:*:*:*:*:*:*:*:* (range: <0.16.0)
    • (no CPE)
