Vulnerabilities > Frappe > Frappe > 12.8.0

DATE CVE VULNERABILITY TITLE RISK
2024-02-07 CVE-2024-24812 Cross-site Scripting vulnerability in Frappe
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library.
network
low complexity
frappe CWE-79
5.4
2023-10-23 CVE-2023-46127 Cross-site Scripting vulnerability in Frappe
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library.
network
low complexity
frappe CWE-79
5.4
2023-09-06 CVE-2023-41328 SQL Injection vulnerability in Frappe
Frappe is a low code web framework written in Python and Javascript.
network
low complexity
frappe CWE-89
7.5
2022-11-14 CVE-2022-3988 Cross-site Scripting vulnerability in Frappe
A vulnerability was found in Frappe.
network
low complexity
frappe CWE-79
6.1
2020-12-11 CVE-2020-35175 Improper Input Validation vulnerability in Frappe
Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
network
low complexity
frappe CWE-20
5.0
2020-12-11 CVE-2020-27508 Unspecified vulnerability in Frappe
In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
network
low complexity
frappe
5.0