Description
A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
High
User Interaction
Active
Confidentiality (Vulnerable System)
None
Integrity (Vulnerable System)
None
Availability (Vulnerable System)
None
Confidentiality (Subsequent System)
Low
Integrity (Subsequent System)
Low
Availability (Subsequent System)
None
Affected products
- frappe / Frappe Framework17.0.0-dev – 17.0.0-dev