PT-2026-7328 · Frappe · Frappe

Stolichnayer · Published 2026-02-10 · Updated 2026-02-10 · CVE-2026-25956

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Frappe versions prior to 14.99.14
Frappe versions prior to 15.94.0

Description

A crafted malicious signup URL for a Frappe site could lead to an open redirect or reflected cross-site scripting (XSS), depending on the crafted payload, when a user signs up. The issue occurs when a user accesses a specially designed URL.

Recommendations

Update to Frappe version 14.99.14 or later.
Update to Frappe version 15.94.0 or later.

Exploit

Fix

Open Redirect

XSS


Weakness Enumeration

Related Identifiers

CVE-2026-25956
GHSA-7M8V-G2PR-H2F7

Affected Products

Frappe