Frappe Framework has disclosed a Stored Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-28436, affecting all versions before 16.11.0 and 15.102.0, allowing attackers to inject malicious scripts via crafted avatar image URLs that execute silently in victim browsers via website page comments.
Security researcher tepel-chen identified and responsibly disclosed a stored XSS flaw residing within Frappe Framework’s avatar_macro.html template file.
The vulnerability carries a CVSS score of 5.3, classifying it as a Low-severity issue, yet its stored, persistent nature makes it significantly more dangerous than the severity label alone suggests.
How the Attack Works
The root cause of CVE-2026-28436 is improper sanitization of user-supplied image URLs in Frappe’s avatar rendering pipeline. When a user sets a profile avatar, Frappe stores the provided image URL and later renders it through the avatar_macro.html Jinja2 template.
The framework fails to escape this URL before inserting it into the HTML output, meaning an attacker can craft a malicious URL containing embedded JavaScript payloads such as javascript:alert(document.cookie) or a data: URI with an inline script.
When the avatar_macro.html template renders the image tag, the unsanitized URL is placed directly into the src attribute of an <img> element, or passed as an argument to a JavaScript function that dynamically sets the image source.
Crucially, this malicious avatar is triggered not only when the attacker’s own profile is visited, but also propagates to other users through website page comments, meaning anyone viewing a comment thread where the attacker has participated becomes an unwitting victim. This cross-user propagation is what elevates the real-world risk of this “Low” severity bug.
Affected Versions and Scope
Frappe is a widely deployed, full-stack Python web application framework distributed via pip (PyPI) and used as the backbone for ERPNext, Frappe HR, and numerous enterprise web applications globally. The following version ranges are confirmed vulnerable:
- Version 16.x: All releases before 16.11.0
- Version 15.x: All releases before 15.102.0
Organizations running Frappe-based applications, especially those with publicly accessible website pages, comment sections, or user profile features, are directly exposed. The attack surface is widened because no authenticated session is required on the victim’s end; any website visitor viewing a comment from the malicious user triggers the payload.
Consider the following real-world attack chain:
- Attacker registers an account on a Frappe-powered website or portal.
- Attacker posts a comment on any public website page within the Frappe application.
- Any victim who loads that page triggers the malicious avatar render, executing the JavaScript payload in their browser context.
- Session cookies, authentication tokens, or sensitive DOM data are silently exfiltrated to the attacker’s server.
This is the hallmark of a classic persistent (stored) XSS attack: the payload is written once and fires repeatedly against every subsequent viewer, without any further action by the attacker.
Patch and Remediation
The Frappe security team resolved the vulnerability by escaping the image URL inside the avatar_macro rendering function, ensuring that any user-supplied URL is sanitized before being inserted into HTML output. Patches are available and integrated into the following releases:
- Frappe 16.11.0 – Patched
- Frappe 15.102.0 – Patched
SentinelOne’s vulnerability database further recommends the following defense-in-depth measures for organizations already running patched versions:
- Immediately upgrade to Frappe 16.11.0 or 15.102.0 or later
- Audit existing user avatar URLs for any suspicious javascript:, data:, or obfuscated URI patterns
- Implement Content Security Policy (CSP) headers (e.g., Content-Security-Policy: script-src 'self') to block unauthorized script execution
- Restrict or sanitize avatar URL inputs at the application layer as a secondary control
- Monitor web application logs for anomalous src attribute patterns in user-generated content
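The audit and application-layer controls above, and the unescaped src attribute described under "How the Attack Works", can be illustrated with a small allowlist check and a safe rendering helper. This is an added example, not Frappe's patch or any part of avatar_macro.html; the FALLBACK_AVATAR path and the sample user records are constructed for the demonstration.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Schemes an avatar image may legitimately use; site-relative paths such as
# /files/avatar.png (no scheme) are accepted separately.
ALLOWED_SCHEMES = {"http", "https"}

# Placeholder path used when a stored URL fails the check (constructed, not a Frappe asset).
FALLBACK_AVATAR = "/files/default-avatar.png"

# Control and whitespace characters that browsers discard before reading the scheme,
# which is how "java\tscript:" or "java\nscript:" can disguise a javascript: URL.
_CTRL_WS = re.compile(r"[\x00-\x20\x7f]")


def normalise_url(url: str) -> str:
    """Undo common disguises before inspecting the scheme: HTML entities,
    percent-encoding and embedded control characters."""
    return _CTRL_WS.sub("", unquote(html.unescape(url)))


def is_safe_avatar_url(url: str) -> bool:
    """Allowlist check: http(s) or a site-relative path only, and no characters
    that could close the quoted src attribute and add new ones."""
    if not url or any(ch in url for ch in "\"'<>"):
        return False
    cleaned = normalise_url(url)
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme == "":
        # Relative path is fine; a protocol-relative //host/... URL is not.
        return cleaned.startswith("/") and not cleaned.startswith("//")
    return scheme in ALLOWED_SCHEMES


def audit_avatar_urls(records):
    """Return the (user, url) pairs from an export of stored avatar URLs that
    fail the allowlist, e.g. javascript:, data: or obfuscated variants."""
    return [(user, url) for user, url in records if not is_safe_avatar_url(url)]


def render_avatar(url: str, alt: str) -> str:
    """Safe counterpart of an avatar macro: reject disallowed URLs outright and
    HTML-escape everything that is placed inside an attribute."""
    src = url if is_safe_avatar_url(url) else FALLBACK_AVATAR
    return '<img src="%s" alt="%s">' % (html.escape(src, quote=True), html.escape(alt, quote=True))


# Constructed sample of stored avatar URLs, as an audit script might read them from a User table.
SAMPLE_RECORDS = [
    ("alice@example.com", "https://cdn.example.com/avatars/alice.png"),
    ("bob@example.com", "/files/bob.png"),
    ("mallory@example.com", "javascript:alert(document.cookie)"),
    ("eve@example.com", "&#106;ava\tscript:alert(1)"),
    ("trent@example.com", 'x.png" onerror="alert(1)'),
]
```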
CVE-2026-28436 is not an isolated incident. Frappe has faced a series of XSS-related disclosures in recent months. A separate stored DOM XSS flaw, CVE-2026-3673, in Frappe Framework 16.10.0, allowed authenticated attackers to inject malicious code that was executed when victims viewed tag content.
Additionally, CVE-2026-31879 involved stored XSS via improperly validated private workspace modifications before versions 14.100.2, 15.101.0, and 16.10.0.
These recurring patterns indicate a systemic gap in output-encoding practices across Frappe’s template rendering engine, and administrators should treat all user-supplied URL and content fields as potentially hostile.
FAQs
Q1: What is CVE-2026-28436?
It is a stored XSS vulnerability in the Frappe Framework avatar_macro.html that lets attackers inject malicious JavaScript via crafted avatar image URLs.
Q2: Which Frappe versions are affected by this vulnerability?
All Frappe versions before 16.11.0 (v16 branch) and 15.102.0 (v15 branch) are vulnerable.
Q3: How can an attacker trigger this XSS on other users?
The malicious avatar URL is automatically executed whenever a user views a website page comment posted by the attacker.
Q4: What is the official fix for CVE-2026-28436?
Upgrading to Frappe 16.11.0 or 15.102.0, which escapes the avatar image URL in avatar_macro, fully remediates this vulnerability.
Site: https://thecybrdef.com