PT-2026-34848 · Frappe · Press

T3L3Sc0P3 · Published 2026-04-24 · Updated 2026-04-30 · CVE-2026-41430

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Press (affected versions not specified)

Description

Press is a Frappe custom app used for managing infrastructure, subscriptions, marketplace, and software-as-a-service (SaaS) on Frappe Cloud. The redirect parameter on the login page is susceptible to reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation, allowing an attacker to execute scripts in the victim's browser.

Recommendations

Restrict redirects to internal URLs only to prevent the execution of malicious scripts via the redirect parameter.
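
One way to apply the recommendation above, shown as an added example that is neither Press's code nor its actual fix: a validator that reduces a login `redirect` value to a same-origin path or falls back to a default. `APP_ORIGIN`, `DEFAULT_TARGET`, the function name and the sample values are assumptions constructed for illustration.

```javascript
// Added example: allow-list check for a post-login "redirect" parameter.
const APP_ORIGIN = "https://cloud.example.test"; // assumed application origin
const DEFAULT_TARGET = "/dashboard";             // hypothetical fallback route

function safeRedirectTarget(raw, origin = APP_ORIGIN, fallback = DEFAULT_TARGET) {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  // URL parsers strip tabs/newlines and treat "\" like "/", so "/\host"
  // would resolve cross-origin. Reject control characters and backslashes.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;
  // Accept root-relative paths only. This excludes absolute URLs, any
  // scheme (javascript:, data:) and protocol-relative "//host" values.
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;
  let url;
  try {
    url = new URL(raw, origin);
  } catch {
    return fallback;
  }
  // Defence in depth: the resolved target must still be same-origin http(s).
  if (url.origin !== origin) return fallback;
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  // Hand back a path, never a full URL, so the caller cannot change host or scheme.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, not taken from the advisory.
const SAMPLES = [
  "/dashboard/sites?tab=billing",
  "/a/../b#frag",
  "javascript:void(0)",
  "https://other.example.test/",
  "//other.example.test/login",
  "/\\other.example.test",
  "/\t/other.example.test",
  "",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

The returned value is safe to pass to a navigation call; it should still be HTML-encoded if it is ever written into markup.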

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2026-41430

Affected Products

Press