CVE-2026-50698
Deferred Deferred - Pending Action

Stored XSS in Frappe Framework Audit Trail

Vulnerability report for CVE-2026-50698, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: Fluid Attacks

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-07-14
AI Q&A
2026-06-24
EPSS Evaluated
2026-07-13
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
frappe frappe to 17.0.0-dev (exc)
frappe framework From 17.0.0-dev (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-50698 is a Stored Cross-Site Scripting (XSS) vulnerability found in the Frappe Framework version 17.0.0-dev. It occurs because user-controlled input is not properly neutralized before being included in HTML output within the Audit Trail component.

Specifically, malicious data stored in audit records can be rendered as active HTML or JavaScript when viewed by other users. This happens in two rendering paths of the Audit Trail that use jQuery's .appendTo() method without escaping HTML, allowing injected scripts to execute.

An attacker can exploit this by storing malicious payloads in audit records, which then execute when other users view the Audit Trail.

Impact Analysis

This vulnerability can lead to unauthorized script execution in the context of users viewing the Audit Trail component. An attacker could inject malicious scripts that run in other users' browsers, potentially leading to session hijacking, data theft, or other malicious actions.

Since the vulnerability is remotely exploitable and requires only that an attacker store malicious data in audit records, it poses a risk to the integrity and security of user sessions and data.

The CVSS v4.0 base score of 4.6 indicates a medium severity impact.

Detection Guidance

This vulnerability can be detected by inspecting the Audit Trail component of the Frappe Framework version 17.0.0-dev for the presence of malicious scripts in audit records. Since the vulnerability involves improper neutralization of user input that is rendered using jQuery's .appendTo() method without HTML escaping, detection involves checking audit records for suspicious or unexpected HTML or JavaScript content.

There are no specific commands provided in the available resources to detect this vulnerability automatically. However, manual inspection or custom scripts to scan audit trail entries for embedded script tags or suspicious HTML could be used.

Mitigation Strategies

As of the disclosure date, no patch is available for this vulnerability. Immediate mitigation steps include restricting access to the Audit Trail component to trusted users only, to reduce the risk of malicious payloads being stored and executed.

Additionally, monitoring audit records for suspicious entries and avoiding the use of the vulnerable version (17.0.0-dev) in production environments can help mitigate risk.

Implementing input validation or sanitization on user inputs before they are stored in audit records, if possible, may also reduce the risk until an official fix is released.

Compliance Impact

The Stored Cross-Site Scripting (XSS) vulnerability in the Frappe Framework's Audit Trail component allows malicious scripts to be executed when audit records are viewed by other users. This can lead to unauthorized access or manipulation of sensitive information.

Such unauthorized script execution and potential data exposure can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and ensure data integrity.

Because the vulnerability involves improper neutralization of user input leading to possible unauthorized actions, it may increase the risk of data breaches or unauthorized data manipulation, thereby affecting regulatory compliance.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-50698. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart