CVE-2024-49751

Source
https://cve.org/CVERecord?id=CVE-2024-49751
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49751.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-49751
Aliases
  • GHSA-rf69-h96f-rf2j
Published
2024-10-23T15:45:12.348Z
Modified
2026-04-02T12:22:37.368875Z
Severity
  • 1.2 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U
Summary
Frappe Press possible HTML injection through SaaS Signup inputs
Details

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Prior to commit 5d118a902872d7941f099ad1fb918e2421e79ccd, a user could inject HTML through SaaS signup inputs. The user who injected the unsafe HTML code would only affect themselves and would not affect other users. Commit 5d118a902872d7941f099ad1fb918e2421e79ccd patches this bug.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/49xxx/CVE-2024-49751.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/frappe/press

Affected ranges

Type
GIT
Repo
https://github.com/frappe/press
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-49751.json"
unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "SaaS"
            }
        ]
    }
]