CVE-2025-52896

Sažetak

Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.

Reference

https://github.com/frappe/frappe/commit/152fd09de5bca16b8d299d715a1f5df6fca3866f
https://github.com/frappe/frappe/commit/f11c53d4df745b58bd1c1c08e1634a2f5a55322a
https://github.com/frappe/frappe/pull/31483
https://github.com/frappe/frappe/security/advisories/GHSA-hv29-66qg-2v6p

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

30-06-2025 - 18:38

Objavljeno

30-06-2025 - 17:15