CVE-2025-11282 | Frappe LMS 2.34.x/2.35.0 Incomplete Fix CVE-2025-55006 cross site scripting (GHSA-mvxw-r9x4-3vrr)

A vulnerability has been found in Frappe LMS 2.34.x/2.35.0 and classified as problematic. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting.

This vulnerability is known as CVE-2025-11282. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The affected component should be upgraded.

The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.VulDB Recent EntriesRead More