CVE-2025-11282

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Frappe LMS versions 2.34.x through 2.35.0

Description A cross site scripting issue exists in Frappe LMS. Manipulation of an unknown function within the component Incomplete Fix can lead to remote exploitation. The exploit is publicly available.

Recommendations Upgrade the affected component.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-11282

GHSA-MVXW-R9X4-3VRR

Affected Products

Lms

Learning

CVE-2025-11282

Weakness Enumeration

Related Identifiers

Affected Products

References · 12