Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering
4.8
Medium
Detected by
Fluid Attacks AI SAST Scanner
Disclosed by
Oscar Uribe
Summary
Full name
Frappe Framework 17.0.0-dev - Stored XSS in Desktop Icon label rendering
Code name
State
Public
Release date
Affected product
Frappe Framework
Vendor
Frappe
Affected version(s)
17.0.0-dev
Vulnerability name
Stored cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
Yes
CVSS v4.0 vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
CVSS v4.0 base score
4.8
Exploit available
Yes
CVE ID(s)
Description
A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer. The application stores desktop icon metadata in Desktop Icon records and renders the label value directly into the data-id attribute of an HTML <a> element without attribute escaping.
An attacker with permission to create or modify Desktop Icon records can inject a quote-breaking payload into the label field, resulting in the injection of arbitrary HTML attributes such as JavaScript event handlers. When another user interacts with the affected icon, attacker-controlled code may execute in the victim's browser.
Vulnerability
Case A: Desktop Icon.label attribute injection in desktop grid
Source persistence: attacker-controlled icon data is saved via
save_layout(desktop_icon.update(icon)+desktop_icon.save()).Server propagation:
get_desktop_iconsreturns persisted records into boot data (frappe.desktop_icons).Client interpolation: desktop icon HTML is built with unescaped
icon.labelin template:<a class="desktop-icon" data-id="{{ icon.label}}" ...>
Sink: HTML is parsed and inserted via
frappe.render_template("desktop_icon", ...)and jQuery element construction.Impact: quote-breaking payload injects executable attributes and runs JavaScript in authenticated Desk sessions.
Case B: claim focus on InlineEditor / line 1068
InlineEditor(${__(this.currentValue)}) exists, and__()is not an HTML escaper.However, the validated exploitation path does not require this code path.
The confirmed root sink is the desktop icon template attribute injection (
desktop_icon.html), notsetup_clickline 1068 (href) as primary vector.
Relevant code:
frappe/frappe/desk/doctype/desktop_layout/desktop_layout.py:28-57frappe/frappe/desk/doctype/desktop_icon/desktop_icon.py:162-225frappe/frappe/desk/page/desktop/desktop.js:878-883frappe/frappe/public/js/frappe/ui/desktop_icon.html:1frappe/frappe/public/js/frappe/translate.js:5-26
PoC
Login to Desk at:
Insert a malicious
Desktop Iconlabel payload (validated marker example):
Ensure the icon is rendered in desktop grid (validated by adding a child icon to a folder icon so it is visible).
Reload Desk.
Hover the malicious desktop icon.
Expected result:
JavaScript executes on hover (
window.__desktop_xssbecomes1, oralert(document.domain)if using alert payload).
Evidence of Exploitation
Static evidence:
Our security policy
We have reserved the ID CVE-2026-50699 to refer to this issue from now on.
System Information
Frappe Framework
Version 17.0.0-dev
Operating System: Any
References
Github Repository: https://github.com/frappe/frappe
Mitigation
There is currently no patch available for this vulnerability.
Credits
The vulnerability was discovered by Oscar Uribe from Fluid Attacks' Offensive Team using the AI SAST Scanner.
Timeline
Vulnerability discovered
Vendor contacted
Vendor replied
Public disclosure
Does your application use this vulnerable software?
During our free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.
