CVE-2025-11283

Frappe LMS Course cross site scripting

Description

A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.

INFO

Published Date :

2025-10-05T05:02:06.329Z

Last Modified :

2025-10-06T20:07:29.456Z

Source :

VulDB

AFFECTED PRODUCTS

The following products are affected by CVE-2025-11283 vulnerability.

Vendors	Products
Frappe	Frappe Lms Learning

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11283.

URL	Resource
https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3da
https://gist.github.com/0xHamy/1f99795df9301a95ee0c6d18028cd3da#steps-to-reproduce
https://vuldb.com/?ctiid.327017
https://vuldb.com/?id.327017
https://vuldb.com/?submit.659697

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Detailed values of each vector for above chart.

Access Vector

Access Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact