CVE Catalog

CVE-2026-50701

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

Risk Assessment

An attacker could exploit this vulnerability to inject malicious scripts, potentially leading to session data theft or other user information compromise.

Recommendation

It is recommended to update Frappe Framework to the latest version to mitigate this vulnerability and implement additional security measures against XSS attacks.

Original NVD description (English source)

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS