Frappe Authenticated Reflected Cross site scripting (XSS) in portal pages
Package
frappe
(frappe)
Affected versions
< 15.5.0
<14.59.0
Patched versions
15.5.0
14.59.0
Description
Credits
-
zecopro Reporter
-
Haider87Kareem Finder
-
moamelshakeer Finder
-
HassanHadi84 Finder
Summary
Portal pages are susceptible to XSS which can be used to inject malicious JS code if user clicks on a malicious link.
Workaround
There's no workaround. It's advisable to update your system.