QwikSec

Security Database

CVE

CWE

Training

CVE-2026-41430

Published: Apr 24, 2026

Modified: Apr 24, 2026

PUBLISHED

Description

Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6 fixes the issue by restricting redirects to internal URLs only.

Vendor	Product	Versions
frappe	press	affected `< 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6`

Weaknesses (CWE)

References

https://github.com/frappe/press/security/advisories/GHSA-mpww-rq79-8r2c

x_refsource_CONFIRM

https://github.com/frappe/press/commit/16d1b6ca2559f858a1de77bcb03fd7f1b81671c6

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.