Vulnerabilities

CVE-2026-28436 - Frappe: Stored XSS in avatar_macro.html

2026-03-05 0 views admin
CVE-2026-28436 - Frappe: Stored XSS in avatar_macro.html

CVE ID : CVE-2026-28436 Published : March 5, 2026, 9:16 p.m. | 27 minutes ago Description : Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be triggered for other users via website page comments. This issue has been patched in versions 16.11.0 and 15.102.0. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
MEDIUM
Published
March 5, 2026
Impact: XSS

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-28436medium

More from Vulnerabilities

CVE-2026-28348 - lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes

CVE-2026-28348 - lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes

2026-03-05 0
CVE-2026-28343 - CKEditor: Cross-site scripting (XSS) in the HTML Support package

CVE-2026-28343 - CKEditor: Cross-site scripting (XSS) in the HTML Support package

2026-03-05 0
CVE-2025-70995 - Aranda Service Desk Web Edition Remote Code Execution Vulnerability

CVE-2025-70995 - Aranda Service Desk Web Edition Remote Code Execution Vulnerability

2026-03-05 0
CVE-2025-70949 - Couch-Auth Timing Side-Channel Information Disclosure

CVE-2025-70949 - Couch-Auth Timing Side-Channel Information Disclosure

2026-03-05 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views