Calebudd

#18865 of 53,622
14.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-23509
8.8
2026-03-05
Frappé Technologies · Frappe · CVE-2026-29081
**Name of the Vulnerable Software and Affected Versions**

Frappe versions prior to 14.100.1
Frappe versions prior to 15.100.0

**Description**

Frappe, a full-stack web application framework, had an endpoint susceptible to SQL injection. Specifically, crafted requests could exploit this weakness, potentially allowing unauthorized access to sensitive information.

**Recommendations**

Update to Frappe version 14.100.1 or later.
Update to Frappe version 15.100.0 or later.
PT-2025-33302
5.4
2025-08-14
Flaskblog · Flaskblog · CVE-2025-53631
Name of the Vulnerable Software and Affected Versions:

flaskBlog versions prior to 2.8.1

Description:

flaskBlog is a blog application built with Flask. Improper sanitization of the `postContent` parameter when submitting POST requests to the `/createpost` API endpoint leads to arbitrary JavaScript execution (XSS) on multiple pages, including `/`, `/post/[ID]`, `/admin/posts`, and `/user/[ID]` of the user that made the post.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.