CVE Catalog
CVE-2026-53568
MediumCVSS 6.9Exploitation Probability (EPSS)
Low risk0.02%
7th percentile — higher than 7% of all known CVEs
Summary
Frappe is a web application framework. Prior to versions 15.107.2 and 16.17.4, there was a stored XSS vulnerability in the report/list view. This issue has been patched in versions 15.107.2 and 16.17.4.
Risk Assessment
Organizations using vulnerable versions may be exposed to XSS attacks, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to upgrade to versions 15.107.2 or 16.17.4 to mitigate this vulnerability.
Original NVD description (English source)
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4.

