CVE-2026-3673

CVE Database · CVE-2026-3673

CVE-2026-3673

· MEDIUMAnalyzed

CVSS v3.1

5.4

CVSS v4.0

4.6

EPSS

0.20%

Published

Apr 22, 2026

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (1)

frappe · frappevulnerable

References (3)

https://fluidattacks.com/es/advisories/silvio

ExploitThird Party Advisory

https://github.com/frappe/frappe

Product

https://fluidattacks.com/es/advisories/silvio

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs