Home > Vulnerability Database > CVE-2024-49751

Mend.io Vulnerability Database

CVE-2024-49751

Good to know:

Date: October 23, 2024

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would only affect themselves and would not affect other users. Commit 5d118a902872d7941f099ad1fb918e2421e79ccd patches this bug.

Language: Python

Severity Score

4.3

Related Resources (4)

Url: https://github.com/frappe/press/security/advisories/GHSA-rf69-h96f-rf2j

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-49751

Url: https://github.com/frappe/press/commit/5d118a902872d7941f099ad1fb918e2421e79ccd

Url: https://www.mend.io/vulnerability-database/CVE-2024-49751

Severity Score

4.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 5d118a902872d7941f099ad1fb918e2421e79ccd

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-49751

Good to know:

Date: October 23, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?