PT-2025-38279 · Unknown · Frappe Learning

Sudip Roy +1 · Published 2025-09-17 · Updated 2025-09-18 · CVE-2025-59415

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Frappe Learning versions 2.34.1 and below

Description: Frappe Learning does not adequately sanitize content uploaded in the profile bio. This allows for the execution of arbitrary scripts in the context of other users through malicious SVG files.

Recommendations: Versions prior to 2.34.1 should be updated.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-59415
GHSA-H7GH-3VQ5-96JX

Affected Products

Frappe Learning