HTML Injection Vulnerability in Frappe Framework 12 through 12.0.8
CVE-2019-15700 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
Learn more about our Web Application Penetration Testing UK.