XSS in Frappe LMS
CVE-2025-67734
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (7.0th percentile)
Affected products
- Frappe LMS: versions < 2.42.0
Weakness classification (CWE)
References
- https://github.com/frappe/lms/security/advisories/GHSA-c495-qg4v-5vr7 (x_refsource_CONFIRM)
- https://github.com/frappe/lms/commit/ca849da81558066d7614b9b6234004ff59c90632 (x_refsource_MISC)