VYPR

Lms

by Frappe

CVEs (43)

  • CVE-2025-11282 | Low | Oct 5, 2025
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made…

  • CVE-2026-46546 | Low | Jun 10, 2026
    risk 0.07 | cvss | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors'…

  • CVE-2026-30882 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.00

    Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page. The keyword parameter from $_REQUEST is echoed directly into an HTML href attribute without any…

  • CVE-2026-30881 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.00

    Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date_start and date_end from $_REQUEST are embedded directly into a raw SQL string without proper sanitization. Although…

  • CVE-2026-29041 | Mar 6, 2026
    risk 0.00 | cvss | epss 0.01

    Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads…

  • CVE-2026-26977 | Feb 20, 2026
    risk 0.00 | cvss | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release.

  • CVE-2026-26031 | Feb 11, 2026
    risk 0.00 | cvss | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, a security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This…

  • CVE-2025-69581 | Jan 16, 2026
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in Chamilo LMS 1.11.2. The Social Network /personal_data endpoint exposes full sensitive user information even after logout because proper cache-control is missing. Using the browser back button restores all personal data, allowing unauthorized users on…

  • CVE-2026-23497 | Jan 14, 2026
    risk 0.00 | cvss | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages.

  • CVE-2025-67734 | Dec 12, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script…

  • CVE-2025-67730 | Dec 12, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in…

  • CVE-2025-66581 | Dec 5, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the…

  • CVE-2025-65676 | Nov 26, 2025
    risk 0.00 | cvss | epss 0.00

    Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

  • CVE-2025-65675 | Nov 26, 2025
    risk 0.00 | cvss | epss 0.00

    Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

  • CVE-2025-64707 | Nov 12, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins revoked a role from the user, the effect was not immediate because of caching. The issue has been fixed in version 2.41.0 by ensuring…

  • CVE-2025-64705 | Nov 12, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students. The issue has been fixed in version 2.41.0 by ensuring proper roles and…

  • CVE-2025-62779 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.

  • CVE-2025-62778 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.

  • CVE-2025-62158 | Oct 10, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public.…

  • CVE-2025-59415 | Sep 17, 2025
    risk 0.00 | cvss | epss 0.00

    Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be…