cvedb.io
CVE-2025-68928
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2025-12-29T15:16:01.877 · Last modified 2026-06-17T09:59:50.363

Summary

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.

Affected products

frappe — frappe_crm

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.