VYPR

Learning

by Frappe

CVEs (15)

  • CVE-2026-34606 | Med | Apr 2, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

  • CVE-2025-11281 | Med | Oct 5, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation leads to improper access controls. The attack may be launched remotely. This attack is…

  • CVE-2025-11280 | Low | Oct 5, 2025
    risk 0.24 | cvss 3.7 | epss 0.00

    A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The…

  • CVE-2026-39415 | Med | Apr 8, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on…

  • CVE-2025-11283 | Low | Oct 5, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly…

  • CVE-2025-11282 | Low | Oct 5, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made…

  • CVE-2026-26031 | Feb 11, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, a security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This…

  • CVE-2025-64707 | Nov 12, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring…

  • CVE-2025-64705 | Nov 12, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students. The issue has been fixed in version 2.41.0 by ensuring proper roles and…

  • CVE-2025-62779 | Oct 27, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.

  • CVE-2025-62778 | Oct 27, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.

  • CVE-2025-62158 | Oct 10, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public.…

  • CVE-2025-59415 | Sep 17, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be…

  • CVE-2025-55006 | Aug 9, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially…

  • CVE-2019-15775 | Aug 29, 2019
    risk 0.00 | cvss n/a | epss 0.01

    The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.