CVE-2026-3673

Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer

Description

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10.

INFO

Published Date :

2026-04-22T19:32:36.622Z

Last Modified :

2026-04-22T19:58:00.187Z

Source :

Fluid Attacks

AFFECTED PRODUCTS

The following products are affected by CVE-2026-3673 vulnerability.

Vendors	Products
Frappe	Frappe

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-3673.

URL	Resource
https://fluidattacks.com/es/advisories/silvio
https://github.com/frappe/frappe

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability