CVE-2025-52896 – Frappe Cross-Site Scripting (XSS) via Data Import Vulnerability

June 30, 2025

CVE ID : CVE-2025-52896

Published : June 30, 2025, 5:15 p.m. | 26 minutes ago

Description : Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting (XSS). This issue has been patched in versions 14.94.2 and 15.57.0. There are no workarounds for this issue other than upgrading.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6916 – TOTOLINK T6 Local Network Authentication Bypass

Next Article CVE-2025-52895 – Frappe SQL Injection Vulnerability

Never Stop Exploring (July 2025 Wallpapers Edition)

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

I never thought I’d praise a kickstand power bank – until I tried this one

I replaced my work PC with this Alienware laptop – now I’m wondering why I hadn’t done this sooner

How to set up Alexa to receive notifications on Prime Day deals you want

How proxy servers actually work, and why they’re so valuable

What’s the difference between named functions and arrow functions in JavaScript?

What’s the difference between named functions and arrow functions in JavaScript?

Spring Boot + Swagger: A Complete Guide to API Documentation

Wire Room Math: AI + SME = (Less Compensation Paid) X (Headline Risk + Payment Errors)^2

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Artix Linux: Introduzione di XLibre nelle Build Sperimentali

Orange Pi R2S Single Board Computer Running Linux: Introduction

vmstat – reports virtual memory statistics

CVE-2025-52896 – Frappe Cross-Site Scripting (XSS) via Data Import Vulnerability

CVE-2023-47310 – MikroTik RouterOS IPv6 UDP Traceroute Information Disclosure

CVE-2024-53621 – Tenda AC1206 Buffer Overflow Vulnerability

Improved Sample Complexity for Private Nonsmooth Nonconvex Optimization

I tested Garmin’s latest smartwatch, and it has the right balance of style and features

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices

Wyze wants to keep prying eyes away from your cameras with this new feature

VidsYouTube – Free Online Video Downloader for YouTube, TikTok, Instagram & More

CVE-2024-38823 – Salt Replays

Building an Infinite Parallax Grid with GSAP and Seamless Tiling

CVE-2025-52896 – Frappe Cross-Site Scripting (XSS) via Data Import Vulnerability

Related Posts