CVE-2026-44205

Vulnerability Description

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0.

Vulnerability Details

Published Date

June 12, 2026

Last Modified

June 12, 2026

CWE ID

CWE-79

Source

NVD

Vendor

frappe

Product

frappe

External References

https://github.com/frappe/frappe/security/advisories/GHSA-2wx6-8gmq-x4fw

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment