XSS in Frappe

CVE-2026-31879

Frappe is a full-stack web application framework. Prior to 14.100.2, 15.101.0, and 16.10.0, due to a lack of validation and improper permission checks, users could modify other users' private workspaces. Specially crafted requests could le…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (11.8th percentile)