CVE-2025-11283
Last modified
CVE-2025-11283 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. EPSS estimates a 0.37% chance of exploitation in the next 30 days.
Description
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Frappe | Learning | 2.35.0 |
References
- https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3daExploit, Third Party Advisory
- https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3da#steps-to-reproduceExploit, Third Party Advisory
- https://vuldb.com/?ctiid.327017Permissions Required, VDB Entry
- https://vuldb.com/?id.327017Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.659697Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-11283?
How severe is CVE-2025-11283?
How do I fix CVE-2025-11283?
Are you affected by CVE-2025-11283?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST