Nixpkgs security tracker
Untriaged
Frappe: Stored XSS in avatar_macro.html
Frappe is a full-stack web application framework. Prior to versions 16.11.0 and 15.102.0, an attacker can set a crafted image URL that results in XSS when the avatar is displayed, and it can be triggered for other users via website page comments. This issue has been patched in versions 16.11.0 and 15.102.0.
References
-
https://github.com/frappe/frappe/security/advisories/GHSA-vm63-r48g-7wqh x_refsource_CONFIRM
Affected products
frappe
- ==< 16.11.0
- ==< 15.102.0
Matching in nixpkgs
pkgs.nixos-artwork.wallpapers.catppuccin-frappe
Catppuccin Frappé colorscheme wallpaper for NixOS
-
nixos-unstable 2024-02-15
- nixpkgs-unstable 2024-02-15
- nixos-unstable-small 2024-02-15
-
nixos-25.11 2024-02-15
- nixos-25.11-small 2024-02-15
- nixpkgs-25.11-darwin 2024-02-15
pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe
Catppuccin Frappe wallpaper for Nix inspired by simpler times
-
nixos-unstable 2025-01-27
- nixpkgs-unstable 2025-01-27
- nixos-unstable-small 2025-01-27
-
nixos-25.11 2025-01-27
- nixos-25.11-small 2025-01-27
- nixpkgs-25.11-darwin 2025-01-27
pkgs.nixos-artwork.wallpapers.nineish-catppuccin-frappe-alt
Alternative Catppuccin Frappe wallpaper for Nix inspired by simpler times
-
nixos-unstable 2025-01-27
- nixpkgs-unstable 2025-01-27
- nixos-unstable-small 2025-01-27
-
nixos-25.11 2025-01-27
- nixos-25.11-small 2025-01-27
- nixpkgs-25.11-darwin 2025-01-27