CVE-2025-67730 | THREATINT

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.

PUBLISHED Reserved 2025-12-10 | Published 2025-12-12 | Updated 2025-12-12 | Assigner GitHub_M

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 2.42.0

affected

References

github.com/...pe/lms/security/advisories/GHSA-jjc4-j3hw-33h2

github.com/...ommit/0877e32e1bfe64831b875707241de1c449cda45c

cve.org (CVE-2025-67730)

nvd.nist.gov (CVE-2025-67730)

Download JSON