Frappe Framework 17.0.0-dev - Stored XSS in Audit Trail template rendering 漏洞概述 Frappe Framework 17.0.0-dev 版本存在存储型跨站脚本(XSS)漏洞,原因是审计追踪组件在生成 HTML 输出前未正确清理用户控制的输入。该漏洞允许攻击者将恶意数据存储在审计记录中,当其他用户查看时,这些数据会被解释为活动 HTML 或 JavaScript。 影响范围 受影响产品: Frappe Framework 受影响版本: 17.0.0-dev CVSS v4.0 向量字符串: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UIA:VC/N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS v4.0 基础分数: 4.6 CVE ID: CVE-2026-50698 修复方案 目前尚无针对此漏洞的补丁。 POC代码 URL to open GUI trigger A (changed-fields) 1. Open Audit Trail form. 2. Set DocType to: 3. Set Document to: 4. Click compare. Expected result: Fields: changed renders injected HTML. JavaScript executes. Payload used: GUI trigger B (rows-added / line 117 path) 1. Open Audit Trail form. 2. Set DocType to: 3. Set Document to: 4. Click compare. Expected result: Rows: Added table renders injected child-row HTML. JavaScript executes. Payload used in child table: