CVE-2025-62158
- EPSS 0.07%
- Published 10.10.2025 20:15:39
- Last modified 20.10.2025 17:18:16
Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-up...
CVE-2025-11283
- EPSS 0.05%
- Published 05.10.2025 05:15:31
- Last modified 07.10.2025 20:37:57
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The explo...
CVE-2025-11282
- EPSS 0.05%
- Published 05.10.2025 04:32:06
- Last modified 07.10.2025 20:41:40
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible....
- EPSS 0.03%
- Published 05.10.2025 04:15:40
- Last modified 07.10.2025 20:35:15
A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remote...
CVE-2025-11280
- EPSS 0.03%
- Published 05.10.2025 03:32:06
- Last modified 07.10.2025 20:35:01
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rat...
CVE-2025-59415
- EPSS 0.03%
- Published 17.09.2025 21:15:38
- Last modified 08.10.2025 17:15:10
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Ma...
CVE-2025-55006
- EPSS 0.08%
- Published 09.08.2025 02:01:57
- Last modified 06.10.2025 20:18:18
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded Jav...
CVE-2023-5555
- EPSS 0.09%
- Published 12.10.2023 11:15:23
- Last modified 03.10.2025 17:36:07
Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.
CVE-2023-42807
- EPSS 0.05%
- Published 21.09.2023 17:15:23
- Last modified 03.10.2025 17:36:07
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using th...