Vulnerabilities (CVE)

Filtered by vendor Frappe Subscribe

Filtered by product Frappe

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-35175	1 Frappe	1 Frappe	2021-07-21	5.0 MEDIUM	5.3 MEDIUM
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
CVE-2019-15700	1 Frappe	1 Frappe	2019-09-04	4.3 MEDIUM	6.1 MEDIUM
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
CVE-2019-14967	1 Frappe	1 Frappe	2019-08-15	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability.