CVE-2026-41430

Vulnerability Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting redirects to internal URLs only.

Vulnerability Details

Published Date

April 24, 2026

Last Modified

April 24, 2026

CWE ID

CWE-79

Source

NVD

Vendor

frappe

Product

press

External References

https://github.com/frappe/press/commit/16d1b6ca2559f858a1de77bcb03fd7f1b81671c6
https://github.com/frappe/press/security/advisories/GHSA-mpww-rq79-8r2c

CVE-2026-41430

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment