CVE-2025-62407— Frappe has an Open Redirect on Login Page

Frappe has an Open Redirect on Login Page

Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific type of URL was passed in. This vulnerability is fixed in 14.98.0 and 15.83.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

指向未可信站点的URL重定向(开放重定向)

Frappe Technologies Frappe 输入验证错误漏洞

Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe 14.98.0之前版本和15.83.0之前版本存在输入验证错误漏洞，该漏洞源于登录页面redirect参数处理不当，可能导致开放重定向。

N/A

N/A