CVE-2025-11283 | Frappe LMS 2.35.0 Course Description cross site scripting

A vulnerability was found in Frappe LMS 2.35.0 and classified as problematic. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting.

This vulnerability is handled as CVE-2025-11283. The attack can be executed remotely. Additionally, an exploit exists.

It is suggested to upgrade the affected component.

The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.VulDB Recent EntriesRead More