PT-2022-25072 · Frappe · Frappe

Jll-02 · Published 2022-11-14 · Updated 2022-11-16 · CVE-2022-3988

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Frappe (affected versions not specified)

Description: An issue rated problematic was found in Frappe, affecting unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html in the Search component. Manipulation of the q argument leads to cross-site scripting. The attack may be launched remotely.

Recommendations: Apply the patch that fixes this issue, bfab7191543961c6cb77fe267063877c31b616ce. As a temporary workaround, consider restricting the use of the q argument in the affected Search component until the patch is applied.

Fix

Improper Neutralization

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-3988

Affected Products: Frappe