Secure peace of mind with Cyber Legion—Your Trusted Cybersecurity Partner.

Speak With a Security Expert

Elevate your cybersecurity posture with our expert and strategic security solutions

Experience the assurance of CREST Certified Penetration Testing services

CVE-2023-46127

 Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0. (CVSS:5.4) (EPSS:0.05%) (Last Update:2023-10-31 12:17:18)     Latest security vulnerabilities (Cross Site Scripting (XSS)) (CVSS score >= 4) – Deprecated! See channel description 

More To Explore