CVE-2025-67730

medium

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.

References

https://github.com/frappe/lms/security/advisories/GHSA-jjc4-j3hw-33h2

https://github.com/frappe/lms/commit/0877e32e1bfe64831b875707241de1c449cda45c

Details

Source: Mitre, NVD

Published: 2025-12-12

Updated: 2025-12-15

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

CVSS v4

Base Score: 5.1

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00047