VYPR
Unrated severityNVD Advisory· Published Dec 12, 2025· Updated Dec 18, 2025

Frappe authenticated users can execute XSS through form description fields

CVE-2025-67730

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.