Question 1

What is CVE-2026-44205 — CVE-2026-44205?

Accepted Answer

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts in the browsers of other users. This issue has been patched in version 15.106.0.

Question 2

What is the authoritative source for CVE-2026-44205?

Accepted Answer

CVE-2026-44205 (CVE-2026-44205) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

EPSS	0.26% probability of exploitation · percentile 16.9% · 2026-06-19T12:03:05Z
Last modified	2026-06-12

CVE-2026-44205CVE-2026-44205

Description

Scoring