Vulnerability Description
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The affected component should be upgraded. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Frappe | Learning | >= 2.34.0, <= 2.35.0 |
Related Weaknesses (CWE)
References
- https://gist.github.com/0xHamy/c2a81f2d1c779c513fa3db6f3ad24544#steps-to-reproduExploitThird Party Advisory
- https://github.com/frappe/lms/
- https://github.com/frappe/lms/security/advisories/GHSA-mvxw-r9x4-3vrrVendor Advisory
- https://vuldb.com/?ctiid.327016Permissions RequiredVDB Entry
- https://vuldb.com/?id.327016Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.659696ExploitThird Party AdvisoryVDB Entry
- https://gist.github.com/0xHamy/c2a81f2d1c779c513fa3db6f3ad24544#steps-to-reproduExploitThird Party Advisory
- https://vuldb.com/?submit.659696ExploitThird Party AdvisoryVDB Entry
FAQ
What is CVE-2025-11282?
CVE-2025-11282 is a vulnerability with a CVSS score of 2.4 (LOW). A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scrip...
How severe is CVE-2025-11282?
CVE-2025-11282 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11282?
Check the references section above for vendor advisories and patch information. Affected products include: Frappe Learning.