A vulnerability was determined in Frappe LMS 2.35.0 affecting the Course Handler component. Manipulating the argument Description can lead to cross site scripting, enabling remote execution of attacks. The vendor was informed about this and three other security issues, which have been fixed, although they are not mentioned in GitHub release notes.
CVE-2025-11283
🔵 Low
CVE-2025-11283: Vulnerability in Frappe LMS 2.35.0
A vulnerability in Frappe LMS 2.35.0 affects the Course Handler, allowing for cross site scripting via argument manipulation. Remote execution is possible.
CVE ID
CVE-2025-11283
CVSS Score
2.4
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11283
- Severity
- Low
- CVSS v3 Score
- 2.4 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners