Frappe Technologies · Frappe · CVE-2025-68929
**Name of the Vulnerable Software and Affected Versions**
Frappe versions prior to 14.99.6
Frappe versions prior to 15.88.1
**Description**
Frappe is a full-stack web application framework. An authenticated user with specific permissions could be tricked into accessing a specially crafted link, potentially leading to the execution of a malicious template on the server and resulting in remote code execution. The issue is related to the lack of measures to neutralize special elements in the template creation mechanism.
**Recommendations**
Update Frappe to version 14.99.6 or later.
Update Frappe to version 15.88.1 or later.