Frappe · Frappe · CVE-2023-46127
**Name of the Vulnerable Software and Affected Versions**
Frappe versions prior to 14.49.0
**Description**
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client-side library. A malicious Frappe user with desk access could create documents containing HTML payloads, allowing HTML injection.
**Recommendations**
For versions prior to 14.49.0, update to version 14.49.0 to resolve the issue. As a temporary workaround, restrict document-creation access for untrusted users until the patch is applied.
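As an added illustration of the mitigation class this advisory points to (not Frappe's own code and not the fix shipped in 14.49.0): an allowlist HTML sanitizer applied to a document's HTML-bearing fields before the document is stored, so a payload supplied by a desk user is neutralized rather than persisted verbatim. The `description` field name and the `validate_document` hook are hypothetical stand-ins for a DocType validation step.

```python
from html import escape
from html.parser import HTMLParser

# Allowlist: tags and per-tag attributes that plain document text may carry.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/")
RAW_CONTENT_TAGS = {"script", "style"}  # drop their body, not just the tag


class _Sanitizer(HTMLParser):
    """Re-emit only allowlisted markup; everything else becomes escaped text or is dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self._skip = False  # True while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in RAW_CONTENT_TAGS:
            self._skip = True
            return
        if tag not in ALLOWED_TAGS:
            return  # e.g. <img onerror=...>, <iframe>: tag removed, inner text kept
        kept = []
        for name, value in attrs:
            if name in ALLOWED_ATTRS.get(tag, set()) and value \
                    and value.strip().lower().startswith(SAFE_URL_PREFIXES):
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # <br/> -> <br>

    def handle_endtag(self, tag):
        if tag in RAW_CONTENT_TAGS:
            self._skip = False
        elif tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))


def sanitize_html(value: str) -> str:
    """Return `value` with only allowlisted tags/attributes; text is entity-escaped."""
    parser = _Sanitizer()
    parser.feed(value)
    parser.close()
    return "".join(parser.out)


def validate_document(doc: dict, html_fields=("description",)) -> dict:
    """Hypothetical pre-save hook: sanitize each HTML-bearing field in place."""
    for field in html_fields:
        if isinstance(doc.get(field), str):
            doc[field] = sanitize_html(doc[field])
    return doc
```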