CVE-2025-11283 — LOW (2.4) — White Hats Nepal

Vulnerability Description

A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

CVSS Score

2.4

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Frappe	Learning	2.35.0

Related Weaknesses (CWE)

CWE-94 CWE-79

References

https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3daExploitThird Party Advisory
https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3da#steps-to-reproduExploitThird Party Advisory
https://vuldb.com/?ctiid.327017Permissions RequiredVDB Entry
https://vuldb.com/?id.327017Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.659697ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2025-11283?

CVE-2025-11283 is a vulnerability with a CVSS score of 2.4 (LOW). A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripti...

How severe is CVE-2025-11283?

CVE-2025-11283 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-11283?

Check the references section above for vendor advisories and patch information. Affected products include: Frappe Learning.