CVE-2026-3673

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 22, 2026

Vendor unknown

Description

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10.

References

https://fluidattacks.com/es/advisories/silvio
https://github.com/frappe/frappe
https://fluidattacks.com/es/advisories/silvio