Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Frappe'
2020-12-11
CVE-2020-35175
CWE-20
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
CVE-2020-27508
NVD-CWE-noinfo
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
2020-03-18
CVE-2019-20529
CWE-200
In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12, data files generated with Prepared Report were being stored as public files (no authentication is required to access; having a link is sufficient) instead of private files.
2019-08-27
CVE-2019-15700
CWE-79
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
2019-08-12
CVE-2019-14967
CWE-79
An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability.
CVE-2019-14966
CWE-89
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection.
CVE-2019-14965
CWE-74
An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists.
2017-10-04
CVE-2017-1000120
[ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter.
>>>
Vendor:
Frappe
2
Produkty
Frappe
Erpnext
Copyright
2024
, cxsecurity.com
Back to Top
Podatności dla 'Frappe' 
Polish
English