CVE-2025-68928
Unknown Unknown - Not Provided
Stored Cross-Site Scripting in Frappe CRM Website Field

Publication date: 2025-12-29

Last updated on: 2025-12-29

Assigner: GitHub, Inc.

Description
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-29
Last Modified
2025-12-29
Generated
2026-06-16
AI Q&A
2025-12-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-68928
EUVD
EUVD-2025-205603
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
frappe frappe_crm *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Frappe CRM prior to version 1.56.2 allows authenticated users to set crafted URLs in a website field that are not properly sanitized, leading to a cross-site scripting (XSS) issue. This means malicious scripts can be injected and executed in the context of the application.

Impact Analysis

The vulnerability can lead to cross-site scripting attacks, which may allow attackers to execute malicious scripts in users' browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions within the application context.

Mitigation Strategies

Upgrade Frappe CRM to version 1.56.2 or later, as this version fixes the cross-site scripting vulnerability. No known workarounds are available.

Detection Guidance

This vulnerability can be detected by checking if your frappe CRM instance is running a version prior to 1.56.2, as those versions allow authenticated users to inject crafted URLs in the website field without proper sanitization. To detect exploitation attempts, you can monitor HTTP requests for suspicious or crafted URLs in the website field submitted by authenticated users. Since the vulnerability involves cross-site scripting via crafted URLs, inspecting logs or database entries for website fields containing unusual URL schemes or JavaScript payloads can help. There are no specific commands provided in the resources, but general approaches include querying the database for website fields containing suspicious patterns or using web application firewall (WAF) rules to detect malicious URL inputs. Upgrading to version 1.56.2 or later is the recommended mitigation. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68928. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart