Frappe Open Redirect Vulnerability on Login Page

Vulnerability

An open redirect vulnerability has been identified in the Frappe web application framework, affecting versions prior to 14.98.0 and 15.83.0. The issue is on the login page: when a specific type of URL is supplied, the redirect argument can be manipulated to send users to an external URL. Exploiting this vulnerability requires user interaction.

Impact

Exploitation of this vulnerability results in an open redirect: users can be redirected to an external site of the attacker's choosing.

Remediation

Users are advised to upgrade to Frappe version 14.98.0 or 15.83.0, in which this vulnerability has been patched.
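
For applications that handle their own post-login redirect argument, the following added example shows a validation check against this class of bug. It is not Frappe's patch or code from the project, and the rejected URL forms are generic ones, not the specific URL type this advisory refers to. The names is_safe_redirect, resolve_redirect and DEFAULT_TARGET and the hosts under example.com / .example are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Hypothetical fallback landing page; not a value taken from the advisory.
DEFAULT_TARGET = "/app"


def is_safe_redirect(target, allowed_hosts=frozenset()):
    """Return True only if target stays on this site or names an allow-listed host."""
    if not target or len(target) > 2048:
        return False
    # Browsers drop tabs/newlines and treat "\" like "/" in URLs, so reject
    # control characters, spaces and backslashes instead of normalising them.
    if any(ch <= " " or ch == "\x7f" or ch == "\\" for ch in target):
        return False
    try:
        parts = urlsplit(target)
        host = parts.hostname
    except ValueError:  # e.g. malformed bracketed host
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: exactly one leading "/" ("//host" is scheme-relative).
        return target.startswith("/") and not target.startswith("//")
    # Absolute URL: http(s) only, no userinfo, exact match against the allow-list.
    if parts.scheme not in ("http", "https") or "@" in parts.netloc:
        return False
    return host is not None and host in allowed_hosts


def resolve_redirect(target, allowed_hosts=frozenset()):
    """Pick the post-login destination, falling back when target is untrusted."""
    return target if is_safe_redirect(target or "", allowed_hosts) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample inputs (example.com / .example are reserved names).
    own = frozenset({"erp.example.com"})
    for t in ["/app/todo?x=1", "https://erp.example.com/app", "//other.example/x",
              "https://other.example/", "/\\other.example", "javascript:alert(1)"]:
        print(f"{t!r:40} -> {resolve_redirect(t, own)!r}")
```

The check runs on the server before the redirect response is issued; anything it rejects falls back to the fixed landing page instead of being echoed into the Location header.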

Added: Oct 16, 2025, 6:21 PM
Updated: Oct 16, 2025, 6:21 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 0.6
exploitability: 6.5
remediation: 7.7
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.