Unrated severityNVD Advisory· Published Oct 27, 2025· Updated Oct 28, 2025

Frappe Learning users were able to add HTML through input fields in the Job Form

CVE-2025-62779

Description

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.

Affected products

Frappe/Lmsv5
Range: <= 2.39.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/frappe/lms/commit/75001b494d5d8198eab20b0cd85d5bd719448ea3mitrex_refsource_MISC
github.com/frappe/lms/security/advisories/GHSA-j6h8-qg65-3fpxmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000