CNNVD-202508-812 Information

CNNVD ID

CNNVD-202508-812

Related CVE

CVE-2025-55006

• CNNVD Published: 2025-08-09

Description (Chinese)

Frappe Learning是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning 2.33.0及之前版本存在输入验证错误漏洞，该漏洞源于上传的SVG文件清理不足，可能导致执行任意脚本。

Description (English)

Frappe Learning is an easy-to-use open-source learning management system for Frappe open sources. Frappe Learning 2.3.3.0 and previous versions had input authentication error holes, which stemmed from inadequate clean-up of uploaded SVG files and could lead to the execution of any script.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

Frappe

Published

2025-08-09

Last Modified

2026-02-24

References

https://github.com/frappe/lms/security/advisories/GHSA-mvxw-r9x4-3vrr https://access.redhat.com/security/cve/cve-2025-55006

Patch

https://github.com/frappe/lms/releases