CVE Catalog

CVE-2026-53568

MediumCVSS 6.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

7th percentile — higher than 7% of all known CVEs

Summary

Frappe is a web application framework. Prior to versions 15.107.2 and 16.17.4, there was a stored XSS vulnerability in the report/list view. This issue has been patched in versions 15.107.2 and 16.17.4.

Risk Assessment

Organizations using vulnerable versions may be exposed to XSS attacks, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to upgrade to versions 15.107.2 or 16.17.4 to mitigate this vulnerability.

Original NVD description (English source)

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS