Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-3837

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 1 month ago

Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without escaping This issue affects Frappe: 16.10.0.

References

https://fluidattacks.com/es/advisories/sabina third-party-advisory
https://github.com/frappe/frappe product

Affected products

Frappe

==16.10.0

Matching in nixpkgs

pkgs.nixos-artwork.wallpapers.catppuccin-frappe

Catppuccin Frappé colorscheme wallpaper for NixOS

nixos-unstable 2024-02-15
- nixpkgs-unstable 2024-02-15
- nixos-unstable-small 2024-02-15
nixos-25.11 2024-02-15
- nixos-25.11-small 2024-02-15
- nixpkgs-25.11-darwin 2024-02-15

pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe

Catppuccin Frappe wallpaper for Nix inspired by simpler times

nixos-unstable 2025-01-27
- nixpkgs-unstable 2025-01-27
- nixos-unstable-small 2025-01-27
nixos-25.11 2025-01-27
- nixos-25.11-small 2025-01-27
- nixpkgs-25.11-darwin 2025-01-27

pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe-alt

Alternative Catppuccin Frappe wallpaper for Nix inspired by simpler times