CVE-2026-25956— Frappe Affected by XSS and Open Redirect in Sign Up

Frappe Affected by XSS and Open Redirect in Sign Up

Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to an open redirect (or reflected XSS, depending on the crafted payload) when a user signs up. This vulnerability is fixed in 14.99.14 and 15.94.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

指向未可信站点的URL重定向(开放重定向)

Frappe Technologies Frappe 输入验证错误漏洞

Frappe Technologies Frappe是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。 Frappe Technologies Frappe 14.99.14之前版本和15.94.0之前版本存在输入验证错误漏洞，该漏洞源于特制的注册URL可能导致重定向或反射型跨站脚本攻击。

N/A

N/A