
CVE-2019-14967
https://notcve.org/view.php?id=CVE-2019-14967
12 Aug 2019 — An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. • https://github.com/frappe/frappe/compare/v11.1.45...v11.1.46 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-1000120
https://notcve.org/view.php?id=CVE-2017-1000120
04 Oct 2017 — [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. • http://tech.mantz-it.com/2016/12/sql-injection-in-frappe-framework.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')