CVE-2025-65267 | ERPNext/Frappe SVG Avatar Image cross site scripting

December 3, 2025 Yanac

A vulnerability was found in ERPNext and Frappe and classified as problematic. Affected by this issue is some unknown functionality of the component SVG Avatar Image Handler. The manipulation results in cross site scripting.

This vulnerability is known as CVE-2025-65267. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More

CVE-2025-55182 | Meta react-server-dom-webpack 19.0.0/19.1.0/19.1.1/19.2.0 React Server deserialization
CVE-2025-53841 | Akamai Guardicore Platform Agent up to 50.14.x/51.11.x/52.1.0 inclusion of functionality from untrusted control sphere