Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68928 | 1 Frappe | 1 Frappe Crm | 2026-01-05 | N/A | 5.4 MEDIUM |
| Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available. | |||||
| CVE-2025-11461 | 1 Frappe | 1 Frappe Crm | 2025-12-19 | N/A | 8.8 HIGH |
| Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1. | |||||