CVE-2026-50701
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.
Risk Assessment
An attacker could exploit this vulnerability to inject malicious scripts, potentially leading to session data theft or other user information compromise.
Recommendation
It is recommended to update Frappe Framework to the latest version to mitigate this vulnerability and implement additional security measures against XSS attacks.
Original NVD description (English source)
A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

