CNNVD-202509-2662 Information

CNNVD ID

CNNVD-202509-2662

Related CVE

CVE-2025-59415

• CNNVD Published: 2025-09-17

Description (Chinese)

Frappe Learning是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning 2.34.1及之前版本存在跨站脚本漏洞，该漏洞源于未充分清理个人简介中的上传内容，可能导致恶意SVG文件在其他用户环境中执行任意脚本。

Description (English)

Frappe Learning is an easy-to-use open-source learning management system for Frappe open sources. There is a cross-site script loophole in Frappe Learning 2.34.1 and earlier versions, which results from insufficient clean-up of uploads in the personal profile and may result in malicious SVG files being executed in any other user environment.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Frappe

Published

2025-09-17

Last Modified

2026-02-24

References

https://github.com/frappe/lms/commit/ed162e254690772365d4d1365f176b59bc4db72d https://github.com/frappe/lms/security/advisories/GHSA-h7gh-3vq5-96jx