First published: Tue Aug 27 2019(Updated: )
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Frappe LMS | >=12.0.0<=12.0.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Frappe Framework issue is CVE-2019-15700.
The title of this vulnerability is "public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML...".
This vulnerability affects Frappe Framework versions 12 through 12.0.8.
The severity of CVE-2019-15700 is medium with a score of 6.1.
To fix this vulnerability, update Frappe Framework to a version higher than 12.0.8.