Primary

Context

Frappe Framework Improper Permission Check Vulnerability Leading to Workspace Modification and Stored Cross-Site Scripting

Vulnerability

Patched

A vulnerability in the Frappe web application framework allows users to modify other users' private workspaces due to improper permission checks and validation. This issue, present in versions prior to 14.100.2, 15.101.0, and 16.10.0, could be exploited through specially crafted requests, leading to stored cross-site scripting.

Impact

Exploitation of this vulnerability could result in unauthorized modification of private workspaces and the introduction of stored cross-site scripting, where malicious scripts are executed in the context of the user.

Remediation

Users are advised to upgrade to Frappe versions 14.100.2, 15.101.0, or 16.10.0.

Added: Mar 11, 2026, 7:29 PM

Updated: Mar 11, 2026, 7:29 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

5.0

remediation

7.7

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

5.0

remediation

7.7

relevance

3.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Frappe Framework Improper Permission Check Vulnerability Leading to Workspace Modification and Stored Cross-Site Scripting

Vulnerability

Impact

Remediation

Affected Products

Frappe

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating