Jannat Patel

7 exploits Active since Oct 2023
CVE-2023-5555 WRITEUP MEDIUM WRITEUP
frappe/learning - Cross-Site Scripting
Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.
CVSS 6.1
CVE-2025-59415 WRITEUP MEDIUM WRITEUP
Frappe Learning < 2.35.0 - Stored Cross-Site Scripting via Profile Bio SVG Upload
Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute arbitrary scripts in the context of other users.
CVSS 4.6
CVE-2025-62158 WRITEUP MEDIUM WRITEUP
Frappe Learning < 2.38.0 - Unauthenticated Exposure of Sensitive Information via Assignment Attachment Storage
Frappe Learning is a learning system that helps users structure their content. In versions prior to 2.38.0, the system did stored the attachments uploaded by the students in their assignments as public files. This issue potentially exposed student-uploaded files to the public. Anyone with the file URL could access these files without authentication. The issue has been fixed in version 2.38.0 by ensuring all student-uploaded assignment attachments are stored as private files by default.
CVSS 5.3
CVE-2025-62778 WRITEUP MEDIUM WRITEUP
Frappe Learning <2.39.1 - Info Disclosure
Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if they had the URL.
CVSS 5.3
CVE-2025-62779 WRITEUP MEDIUM WRITEUP
Frappe Learning < 2.39.2 - Stored Cross-Site Scripting via Job Form Input
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.
CVSS 5.4
CVE-2025-67734 WRITEUP MEDIUM WRITEUP
Frappe Learning Management System 2.0.0-2.41.9 - Stored XSS via Job Form Company Website Field
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed in the browsers of users who opened the malicious job posting. This issue is fixed in version 2.42.0.
CVSS 5.4
CVE-2026-23497 WRITEUP MEDIUM WRITEUP
Frappe Learning Management System 2.0.0-2.44.0 - Stored Cross-Site Scripting via Image Filename
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages.
CVSS 5.4