CVE-2022-3988
LOWfrappe < 14.14.3 - Cross-Site Scripting via Navbar Search Parameter
Title source: llmDescription
A vulnerability was found in Frappe. It has been rated as problematic. Affected by this issue is some unknown functionality of the file frappe/templates/includes/navbar/navbar_search.html of the component Search. The manipulation of the argument q leads to cross site scripting. The attack may be launched remotely. The name of the patch is bfab7191543961c6cb77fe267063877c31b616ce. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213560.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://github.com/frappe/frappe/commit/bfab7191543961c6cb77fe267063877c31b616ce
Patch, Third Party Advisory
https://github.com/frappe/frappe/pull/18847
Permissions Required, Third Party Advisory, VDB Entry
https://vuldb.com/?id.213560
Scores
CVSS v3
3.5
EPSS
0.0059
EPSS Percentile
43.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-707
Status
published
Products (1)
frappe/frappe
< 14.14.3
Published
Nov 14, 2022
Tracked Since
Feb 18, 2026