PT-2023-29860 · Frappe · Frappe

Cogk · Published 2023-10-23 · Updated 2023-10-31 · CVE-2023-46127

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 14.49.0

Description: Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client-side library. A malicious Frappe user with desk access could create documents containing HTML payloads, allowing HTML injection.

Recommendations: For versions prior to 14.49.0, update to version 14.49.0 to resolve the issue. As a temporary workaround, consider restricting access to document creation for malicious users until the patch is applied.

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-46127
GHSA-J2W9-8XRR-7G98

Affected Products

Frappe