Frappe Press Reflected Cross-Site Scripting Vulnerability in Login Redirect

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Frappe Press application, specifically within the login page's redirect parameter. This issue allows for the injection of malicious scripts that could be executed in the context of the user's browser. The vulnerability exists in versions of Frappe Press prior to the patch included in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6.

Impact

Successful exploitation results in reflected cross-site scripting: a script injected by the attacker through the redirect parameter is executed in the context of the user's browser.

Remediation

Users can address this vulnerability by updating to a version of Frappe Press that includes the patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6.
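
As an added illustration (not code from Frappe Press or from the referenced commit, whose contents this page does not describe), one common way to harden a login redirect parameter is to resolve it against the application's own origin and accept only same-origin http(s) targets. The origin, fallback path and function name below are assumptions, and the sample inputs are constructed.

```javascript
// Added example: safeRedirectTarget, APP_ORIGIN and FALLBACK are hypothetical
// names, not identifiers from Frappe Press.
const APP_ORIGIN = "https://press.example"; // assumed application origin
const FALLBACK = "/dashboard";              // assumed default landing page

function safeRedirectTarget(raw, origin = APP_ORIGIN, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0) return fallback;
  let url;
  try {
    // Parse with the WHATWG URL parser, the same rules a browser applies, so
    // stripped tabs/newlines and backslashes are normalised before checking.
    url = new URL(raw, origin);
  } catch {
    return fallback;
  }
  // Reject script-capable or otherwise unexpected schemes outright.
  if (url.protocol !== "https:" && url.protocol !== "http:") return fallback;
  // Reject anything that resolves to a different origin, including
  // protocol-relative ("//host") and userinfo ("app@host") forms.
  if (url.origin !== new URL(origin).origin) return fallback;
  // Hand back a path-only value; the caller never navigates to the raw input.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs covering the cases the validator must handle.
const samples = [
  "/dashboard/sites?tab=billing#top",    // ordinary in-app path: kept
  "https://press.example/sites/new",     // absolute, same origin: reduced to path
  "javascript:void(0)",                  // non-http scheme: fallback
  "java\tscript:void(0)",                // scheme split by a tab: fallback
  "//evil.example/login",                // protocol-relative: fallback
  "/\\evil.example",                     // backslash treated as slash: fallback
  "https://press.example@evil.example/", // userinfo trick: fallback
];

for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

The same check belongs wherever the redirect value is consumed, whether that is a server-side redirect or a client-side navigation, and output encoding is still needed if the value is ever rendered into HTML.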

Added: Apr 24, 2026, 4:19 AM
Updated: Apr 24, 2026, 4:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.9
remediation: 0.0
relevance: 6.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.