Home > Vulnerability Database > CVE-2024-49751

Mend.io Vulnerability Database

CVE-2024-49751

Date: October 23, 2024

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would only affect themselves and would not affect other users. Commit 5d118a902872d7941f099ad1fb918e2421e79ccd patches this bug.

Language: Python

Severity Score

4.3

Related Resources (4)

Url: https://github.com/frappe/press/security/advisories/GHSA-rf69-h96f-rf2j

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-49751

Url: https://github.com/frappe/press/commit/5d118a902872d7941f099ad1fb918e2421e79ccd

Url: https://www.mend.io/vulnerability-database/CVE-2024-49751

Severity Score

4.3

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-49751

Date: October 23, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?