QwikSec

Security Database

CVE

CWE

Training

CVE-2025-67730

Published: Dec 12, 2025

Modified: Dec 18, 2025

PUBLISHED

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allow authenticated users to add malicious HTML and JavaScript through description fields in the Job, Course and Batch forms. This issue is fixed in version 2.42.0.

Vendor	Product	Versions
frappe	lms	affected `< 2.42.0`

Weaknesses (CWE)

References

https://github.com/frappe/lms/security/advisories/GHSA-jjc4-j3hw-33h2

x_refsource_CONFIRM

https://github.com/frappe/lms/commit/0877e32e1bfe64831b875707241de1c449cda45c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.