frappe/crm

frappe/crm

Releases237

Frequency3 days 8 hours

Last Release 2 days ago

Stars2.8K

Fully featured, open source CRM

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-68928 ↗	Dec 29, 2025Monday, 29 December 2025, 15:16	5.4 MEDIUM	—
Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available.
CVE-2025-11461 ↗	Nov 26, 2025Wednesday, 26 November 2025, 18:15	8.8 HIGH	—
Multiple SQL Injections in Frappe CRM Dashboard Controller due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe CRM: 1.53.1.