HTML Injection Vulnerability in Frappe Framework 12 through 12.0.8

HTML Injection Vulnerability in Frappe Framework 12 through 12.0.8

CVE-2019-15700 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.

Learn more about our Web Application Penetration Testing UK.