XSS in Frappe LMS
CVE-2025-62779
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (7.5th percentile)
Affected products
- Frappe LMS — versions <= 2.39.1
Weakness classification (CWE)
References
- https://github.com/frappe/lms/security/advisories/GHSA-j6h8-qg65-3fpx (x_refsource_CONFIRM)
- https://github.com/frappe/lms/commit/75001b494d5d8198eab20b0cd85d5bd719448ea3 (x_refsource_MISC)