Filtered by vendor Frappe
Subscriptions
Filtered by product Frappe Crm
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-68928 | 1 Frappe | 2 Frappe, Frappe Crm | 2026-01-05 | 5.4 Medium |
| Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available. | ||||
| CVE-2025-11461 | 1 Frappe | 1 Frappe Crm | 2025-12-19 | 8.8 High |
| Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1. | ||||
Page 1 of 1.