Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-3673

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 1 month ago

Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer

An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element content without escaping. This issue affects Frappe: 16.10.10.

References

https://fluidattacks.com/es/advisories/silvio third-party-advisoryexploit
https://github.com/frappe/frappe product

Affected products

Frappe

==16.10.10

Matching in nixpkgs

pkgs.nixos-artwork.wallpapers.catppuccin-frappe

Catppuccin Frappé colorscheme wallpaper for NixOS

nixos-unstable 2024-02-15
- nixpkgs-unstable 2024-02-15
- nixos-unstable-small 2024-02-15
nixos-25.11 2024-02-15
- nixos-25.11-small 2024-02-15
- nixpkgs-25.11-darwin 2024-02-15

pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe

Catppuccin Frappe wallpaper for Nix inspired by simpler times

nixos-unstable 2025-01-27
- nixpkgs-unstable 2025-01-27
- nixos-unstable-small 2025-01-27
nixos-25.11 2025-01-27
- nixos-25.11-small 2025-01-27
- nixpkgs-25.11-darwin 2025-01-27

pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe-alt

Alternative Catppuccin Frappe wallpaper for Nix inspired by simpler times