CNNVD-202510-3455 Information

CNNVD ID

CNNVD-202510-3455

Related CVE

CVE-2025-62779

• CNNVD Published: 2025-10-27

Description (Chinese)

Frappe Learning是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning 2.39.1及之前版本存在跨站脚本漏洞，该漏洞源于允许通过Job Form输入字段添加HTML，可能导致跨站脚本攻击。

Description (English)

Frappe Learning is an easy-to-use open-source learning management system for Frappe open sources. There is a cross-site script loophole in Frappe Learning 2.39.1 and earlier versions, which stems from allowing HTML to be added through the Job Form input field, which may lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/frappe/lms/security/advisories/GHSA-j6h8-qg65-3fpx https://github.com/frappe/lms/commit/75001b494d5d8198eab20b0cd85d5bd719448ea3 https://access.redhat.com/security/cve/cve-2025-62779

Patch

https://github.com/frappe/lms/releases