Question 1

What is CVE-2026-47739 — CVE-2026-47739?

Accepted Answer

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been patched in versions 15.106.0 and 16.16.0.

Question 2

What is the authoritative source for CVE-2026-47739?

Accepted Answer

CVE-2026-47739 (CVE-2026-47739) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

EPSS	0.26% probability of exploitation · percentile 16.9% · 2026-06-19T12:03:05Z
Last modified	2026-06-12

CVE-2026-47739CVE-2026-47739

Description

Scoring