Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Frappe'
2020-12-11
CVE-2020-35175
CWE-20
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
CVE-2020-27508
NVD-CWE-noinfo
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
2020-03-18
CVE-2019-20529
CWE-200
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
2019-08-27
CVE-2019-15700
CWE-79
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
2019-08-12
CVE-2019-14967
CWE-79
An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability.
CVE-2019-14966
CWE-89
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
CVE-2019-14965
CWE-74
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.
2017-10-04
CVE-2017-1000120
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
>>>
Vendor:
Frappe
2
Products
Frappe
Erpnext
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Frappe' 