CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27508
https://notcve.org/view.php?id=CVE-2020-27508
11 Dec 2020 — In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. En la autenticación de doble factor, el sistema también envía una clave secreta 2fa en respuesta, lo que permite a un intruso violar la seguridad 2fa • https://github.com/frappe/frappe/pull/11262 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-14965
https://notcve.org/view.php?id=CVE-2019-14965
12 Aug 2019 — An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. A server side template injection (SSTI) issue exists. Se detecto un problema en Frappe Framework versiones 10 a 12 antes de 12.0.4. Existe un problema de inyección de plantilla del lado del servidor (SSTI). • https://github.com/frappe/frappe/compare/v12.0.3...v12.0.4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-14966
https://notcve.org/view.php?id=CVE-2019-14966
12 Aug 2019 — An issue was discovered in Frappe Framework 10 through 12 before 12.0.4. There exists an authenticated SQL injection. Se detecto un problema en Frappe Framework versiones 10 a 12 antes de 12.0.4. Existe una inyección SQL autenticada. • https://github.com/frappe/frappe/compare/v12.0.3...v12.0.4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14967
https://notcve.org/view.php?id=CVE-2019-14967
12 Aug 2019 — An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. Se detecto un problema en Frappe Framework versiones 10, 11 antes de 11.1.46 y 12. Existe una vulnerabilidad XSS. • https://github.com/frappe/frappe/compare/v11.1.45...v11.1.46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •