XSS in Frappe Framework
CVE-2026-50699
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev. An authenticated attacker with write access to Auto Repeat can persist HTML/JavaScript in reference_document using a whitelisted write path an…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Frappe Framework — version 17.0.0-dev
Weakness classification (CWE)
References
- help@fluidattacks.com (third-party-advisory)
- help@fluidattacks.com (product)