CVE-2026-44205 – Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload

CVE ID :CVE-2026-44205

Published : June 12, 2026, 2:23 p.m. | 59 minutes ago

Description :Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-53726 – Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL

CVE-2026-12043 – Heap double-free in AWS Common Runtime aws-c-http

CVE-2026-53725 – Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied

CVE-2026-53724 – Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist