Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would only affect themselves and would not affect other users. Commit 5d118a902872d7941f099ad1fb918e2421e79ccd patches this bug.

INFO

Published Date :

2024-10-23T15:45:12.348Z

Last Modified :

2024-10-23T16:27:13.106Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49751 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49751.

URL Resource
https://github.com/frappe/press/commit/5d118a902872d7941f099ad1fb918e2421e79ccd cve-icon cve-icon
https://github.com/frappe/press/security/advisories/GHSA-rf69-h96f-rf2j cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability