CNNVD-202512-2315 Information

Dec 12, 2025 cve

CNNVD ID

CNNVD-202512-2315

CVE-2025-67734

CNNVD Published: 2025-12-12

Description (Chinese)

Frappe Learning Management System是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning Management System 2.42.0之前版本存在跨站脚本漏洞，该漏洞源于Job Form中Company Website字段可注入JavaScript，可能导致跨站脚本攻击。

Description (English)

Frappe Learning Management System is an easy-to-use open-source learning management system for Frappe open sources. There is a cross-site script loophole in the pre-Frappe Learning Management System 2.42.0, which stems from the fact that the Company Website field in Job Form can be injected into JavaScript, which could lead to a cross-stop script attack.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Frappe

Published

2025-12-12

Last Modified

2026-02-24

References

https://github.com/frappe/lms/commit/ca849da81558066d7614b9b6234004ff59c90632 https://github.com/frappe/lms/security/advisories/GHSA-c495-qg4v-5vr7

Patch

https://github.com/frappe/lms/releases

Share on: