PT-2026-51830 · Frappe · Frappe Framework

Oscar Uribe

·

Published

2026-06-24

·

Updated

2026-06-24

·

CVE-2026-50705

CVSS v4.0

4.6

Medium

VectorAV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-50705

Affected Products

Frappe Framework