PT-2025-40794 · Frappe · Frappe Lms
0Xhamy
·
Published
2025-10-05
·
Updated
2025-10-05
·
CVE-2025-11283
CVSS v2.0
3.3
Low
| Vector | AV:N/AC:L/Au:M/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Frappe LMS version 2.35.0
Description
A flaw exists in Frappe LMS that allows for cross site scripting. This issue is related to the Course Handler component and involves manipulation of the
Description argument. The attack can be carried out remotely. The exploit has been publicly disclosed.Recommendations
Upgrade the affected component.
Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Frappe Lms