Stored XSS Vulnerability in Frappe Framework Affects Multiple Versions
CVE-2026-47739
6.9MEDIUM
What is CVE-2026-47739?
A stored Cross-Site Scripting (XSS) vulnerability was identified in the Frappe framework, which allows attackers to inject malicious scripts into the Note feature due to insufficient input sanitization. This issue affected users of versions prior to 15.106.0 and 16.16.0, potentially compromising user data and security. Frappe has addressed this vulnerability in the latest releases, underscoring the importance of keeping software up to date to mitigate security risks. For more information on this vulnerability, visit the official advisory.
Affected Version(s)
frappe < 15.106.0 < 15.106.0
frappe < 16.16.0 < 16.16.0
