Stored XSS Vulnerability in Frappe Web Application Framework
CVE-2026-44205
6.9MEDIUM
What is CVE-2026-44205?
Frappe, a full-stack web application framework, has a stored Cross-Site Scripting (XSS) vulnerability present in the user profile image section. This flaw allows attackers to inject and execute malicious scripts within the browsers of unsuspecting users. The vulnerability is addressed in version 15.106.0, which provides a crucial patch to enhance user security and prevent potential exploitation.
Affected Version(s)
frappe < 15.106.0
