Ankush Menat

3 exploits
Active since Oct 2023
CVE-2023-46127 WRITEUP MEDIUM
Frappe <14.49.0 - HTML Injection
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.
CVSS 5.4
CVE-2024-34074 WRITEUP MEDIUM
Frappe <15.26.0-14.74.0 - Open Redirect
Frappe is a full-stack web application framework. Prior to 15.26.0 and 14.74.0, the login page accepted a redirect argument and allowed redirects to untrusted external URLs. This behaviour can be used by malicious actors for phishing. This vulnerability is fixed in 15.26.0 and 14.74.0.
CVSS 6.1
CVE-2025-30212 WRITEUP HIGH
Frappe Framework <14.89.0, <15.51.0 - SQL Injection
Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to access sensitive information. Versions 14.89.0 and 15.51.0 fix the issue. Upgrading is required; no other workaround is present.
CVSS 7.5