2 matches found
CVE-2025-67730 Frappe authenticated users can execute XSS through form description fields
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0...
PT-2025-50968
Name of the Vulnerable Software and Affected Versions Frappe Learning Management System LMS versions prior to 2.42.0 Description Frappe Learning Management System LMS allows authenticated attackers to inject JavaScript code through the Company Website field within the Job Form. This can lead to a...