Vulnerability Database

314,373

Total vulnerabilities in the database

CVE-2025-67730

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.

Published: Dec 12, 2025
Updated: Dec 17, 2025
CVE: CVE-2025-67730
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
frappe / learning	2.0.0	2.42.0

https://github.com/frappe/lms/commit/0877e32e1bfe64831b875707241de1c449cda45c
https://github.com/frappe/lms/security/advisories/GHSA-jjc4-j3hw-33h2

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo