Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, all
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Vers
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.58.1 and 16.4.1, an authenticated user with default role can access unauthorized information by exploiting
Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This
Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract in
Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person to gain acc
Frappe is a full-stack web application framework. Prior to versions 14.100.1 and 15.100.0, an endpoint was vulnerable to SQL injection through specially crafted requests, which would allow a malicious
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions 15.106.0 and 16.1
Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.7
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information
Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to ac
Frappe is a full-stack web application framework. An SQL Injection vulnerability has been identified in Frappe Framework prior to versions 14.89.0 and 15.51.0 which could allow a malicious actor to ac
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issu
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 and 15.104.0.
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This is
Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific type of URL was passed in.
Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other user's private workspac
Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browser
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company
Page 1+ Next →