Frappe

Learning

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2026-39415

  • EPSS 0.09%
  • Veröffentlicht 08.04.2026 20:07:45
  • Zuletzt bearbeitet 13.04.2026 11:28:16

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The applic...

6.1

CVE-2026-34606

  • EPSS 0.03%
  • Veröffentlicht 02.04.2026 17:50:01
  • Zuletzt bearbeitet 07.04.2026 19:06:27

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

5.3

CVE-2026-26977

  • EPSS 0.01%
  • Veröffentlicht 20.02.2026 00:56:42
  • Zuletzt bearbeitet 20.02.2026 16:33:11

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is p...

5.3

CVE-2026-26031

  • EPSS 0.04%
  • Veröffentlicht 11.02.2026 21:32:15
  • Zuletzt bearbeitet 12.02.2026 17:11:21

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students ...

5.4

CVE-2026-23497

  • EPSS 0.04%
  • Veröffentlicht 14.01.2026 18:25:52
  • Zuletzt bearbeitet 16.01.2026 18:44:56

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendere...

5.4

CVE-2025-67734

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 19:48:58
  • Zuletzt bearbeitet 16.12.2025 21:34:55

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to a...

5.4

CVE-2025-67730

  • EPSS 0.04%
  • Veröffentlicht 12.12.2025 07:23:54
  • Zuletzt bearbeitet 15.12.2025 17:27:21

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch for...

6.5

CVE-2025-66581

  • EPSS 0.04%
  • Veröffentlicht 05.12.2025 18:26:20
  • Zuletzt bearbeitet 11.12.2025 00:08:39

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across mu...

5.4

CVE-2025-64707

  • EPSS 0.03%
  • Veröffentlicht 12.11.2025 22:27:54
  • Zuletzt bearbeitet 17.11.2025 19:20:49

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed ...

4.3

CVE-2025-64705

  • EPSS 0.03%
  • Veröffentlicht 12.11.2025 22:25:49
  • Zuletzt bearbeitet 17.11.2025 19:21:31

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensur...