PT-2026-51833 · Frappe · Frappe Framework

Oscar Uribe

·

Published

2026-06-24

·

Updated

2026-06-24

·

CVE-2026-50710

CVSS v4.0

4.6

Medium

VectorAV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-50710

Affected Products

Frappe Framework