PT-2026-51823 · Frappe · Frappe Framework
Oscar Uribe
·
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-50699
CVSS v4.0
4.6
Medium
| Vector | AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference document using a whitelisted write path and trigger script execution when users open the affected Auto Repeat form.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Frappe Framework