Frappe Learning users were able to add HTML through input...

1.2 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

Description

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.

Basic Information

ID CVE-2025-62779

Source GitHub_M

Published Oct 27, 2025 at 21:19

Affected Product

Vendor frappe

Product lms

Version <= 2.39.1

Affected Versions frappe lms <= 2.39.1

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.",
    "published": "2025-10-27T21:19:03.978Z",
    "modified": "2025-10-27T21:19:03.978Z",
    "type": "cve",
    "title": "Frappe Learning users were able to add HTML through input fields in the Job Form",
    "source": "GitHub_M",
    "references": "https://github.com/frappe/lms/security/advisories/GHSA-j6h8-qg65-3fpx\nhttps://github.com/frappe/lms/commit/75001b494d5d8198eab20b0cd85d5bd719448ea3",
    "id": "CVE-2025-62779",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "frappe lms <= 2.39.1",
    "sourceHref": "",
    "cvss": {
        "score": 1.2,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "lms",
    "version": "<= 2.39.1",
    "vendor": "frappe",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Frappe Learning users were able to add HTML through input fields in the Job Form_CVE-2025-62779