PatchSiren cyber security CVE debrief
CVE-2026-53568 frappe CVE debrief
CVE-2026-53568 is a stored XSS vulnerability in the Frappe Report/List View. This issue was patched in versions 15.107.2 and 16.17.4. The vulnerability has a CVSS score of 6.9 and is classified as MEDIUM severity.
- Vendor: frappe
- Product: Unknown
- CVSS: MEDIUM 6.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-12
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-12
- Advisory updated: 2026-06-12
Who should care
Users of Frappe versions prior to 15.107.2 and 16.17.4 should apply the patches to prevent exploitation of this stored XSS vulnerability.
Technical summary
The vulnerability is caused by improper sanitization of user input in the Frappe Report/List View. An attacker could exploit this vulnerability by injecting malicious code, potentially leading to unauthorized access or data manipulation.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to a patched release: version 15.107.2 or 16.17.4, or later.
- Review and update Frappe installations to ensure they are running a patched version.
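One way to carry out that review across several installations, as an added example that is not part of the original debrief or of Frappe itself: a branch-aware version check, which matters because a 16.x release can be numerically newer than 15.107.2 and still predate the 16.17.4 fix. The site names and the inventory are constructed, and the version strings are assumed to have been collected already.

```python
import re

# Fixed releases stated in this debrief, keyed by major release line.
FIXED = {15: (15, 107, 2), 16: (16, 17, 4)}


def parse_version(text):
    """Return (major, minor, patch) for a plain release string such as '15.107.2'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        # Branch names and pre-release suffixes cannot be ordered reliably.
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version_text):
    """Classify one installed version as 'patched', 'vulnerable' or 'unknown'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The debrief names fixes only for the 15.x and 16.x lines; do not guess.
        return "unknown"
    # Compare only against the fix for the same release line.
    return "patched" if version >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Map each site name to its triage result."""
    return {site: triage(version) for site, version in inventory.items()}


# Constructed inventory (hypothetical hosts and versions, for illustration only).
SAMPLE_INVENTORY = {
    "erp.example.internal": "15.107.2",
    "hr.example.internal": "15.98.0",
    "crm.example.internal": "16.3.0",  # newer than 15.107.2, yet before the 16.x fix
    "lab.example.internal": "16.17.4",
    "legacy.example.internal": "14.80.1",
    "dev.example.internal": "develop",
}

if __name__ == "__main__":
    for site, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{site:26} {SAMPLE_INVENTORY[site]:10} {status}")
```

Installations reported as unknown need a manual check against the vendor advisory, since this debrief does not state their status.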
Evidence notes
The CVE record and NVD detail pages provide additional information on this vulnerability.
Official resources
- CVE-2026-53568 CVE record (CVE.org)
- CVE-2026-53568 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-53568 was published on 2026-06-12T16:16:33.810Z and modified on 2026-06-12T16:17:58.070Z.