CVE-2025-11282
BaseFortify
Publication date: 2025-10-05
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frappe | learning | From 2.34.0 (inc) to 2.35.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11282 is a stored cross-site scripting (XSS) vulnerability in Frappe LMS versions 2.34.x and 2.35.0. It occurs because the application improperly handles uploaded HTML and SVG files, allowing attackers to bypass file-type restrictions by switching the file filter from "Image Files" to "All Files" and uploading malicious payloads. Although the user interface shows error messages, these files are still saved on the server. When users or administrators view these files, arbitrary JavaScript executes in their browsers, enabling attackers to steal sensitive information such as user emails, administrator status, and full names. This can lead to session hijacking, user impersonation, and privilege escalation. The vulnerability is an incomplete fix of a previous issue (CVE-2025-55006) and persists due to insufficient backend validation. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript in the browsers of users or administrators who view the malicious uploaded files. This can lead to theft of sensitive data such as email addresses, administrator status, and full names. Consequently, attackers can hijack sessions, impersonate users, escalate privileges, and maintain persistent access to the system. The stored nature of the XSS means the risk remains as long as the malicious files exist on the server, threatening user confidentiality and application integrity. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for malicious HTML or SVG file uploads that bypass file-type restrictions in Frappe LMS 2.35.0. Detection involves checking for files uploaded with the file filter switched from "Image Files" to "All Files" and verifying if such files are saved despite error messages. You can also look for suspicious JavaScript execution when viewing uploaded files. Specific commands are not provided in the resources, but monitoring file uploads and reviewing server logs for unexpected HTML or SVG files, as well as inspecting user activity related to assignment uploads, can help detect exploitation attempts. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include enforcing strict server-side validation to reject non-image files, sanitizing or disallowing HTML and SVG file uploads, and implementing Content Security Policy (CSP) headers to reduce the impact of cross-site scripting attacks. Additionally, upgrading Frappe LMS to a fixed version that addresses this vulnerability is recommended. [1, 2, 3]
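The server-side validation the answer recommends, as an added example that is not part of the BaseFortify page or of Frappe LMS: it decides from the file contents rather than from the client-side file filter, rejects anything that reads as HTML or SVG even when renamed to an image extension, and emits the response headers (including the CSP the answer mentions) for serving stored uploads. The accepted-format table, function names and sample files are assumptions.

```python
import re

# Accepted raster formats: leading magic bytes and the extensions they may be stored under (assumed policy).
IMAGE_TYPES = {
    "png": ((b"\x89PNG\r\n\x1a\n",), {"png"}),
    "jpeg": ((b"\xff\xd8\xff",), {"jpg", "jpeg"}),
    "gif": ((b"GIF87a", b"GIF89a"), {"gif"}),
}
# An HTML or SVG element near the start of the file marks it as markup, whatever the filename claims.
_MARKUP_RE = re.compile(rb"<\s*(!doctype\s+html|html|svg|script)\b", re.IGNORECASE)

def detect_image_type(data: bytes):
    """Return 'png' / 'jpeg' / 'gif' from the magic bytes, or None if unrecognised."""
    for kind, (sigs, _) in IMAGE_TYPES.items():
        if any(data.startswith(s) for s in sigs):
            return kind
    return None

def looks_like_markup(data: bytes) -> bool:
    """True if the first 1 KiB (after BOM/whitespace) contains an HTML or SVG tag."""
    head = data.lstrip(b"\xef\xbb\xbf \t\r\n")[:1024]
    return _MARKUP_RE.search(head) is not None

def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Decide from the bytes on the server; the client-side 'Image Files' filter is never trusted."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if looks_like_markup(data):
        return False, "rejected: HTML/SVG markup is not an accepted image"
    kind = detect_image_type(data)
    if kind is None:
        return False, "rejected: not a recognised raster image"
    if ext not in IMAGE_TYPES[kind][1]:
        return False, f"rejected: extension .{ext} does not match detected {kind}"
    return True, f"accepted: {kind}"

def serving_headers(kind: str) -> dict:
    # Headers for serving a stored upload so a browser never interprets it as a document.
    return {
        "Content-Type": f"image/{kind}",       # from the detected type, not the upload's own claim
        "X-Content-Type-Options": "nosniff",   # forbid sniffing the body into text/html
        "Content-Security-Policy": "sandbox",  # no script even if the file is navigated to directly
    }

# Constructed samples: a real PNG header, an SVG renamed to .png, and a plain HTML file.
SAMPLES = {
    "png": ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    "svg_as_png": ("avatar.png", b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"><script></script></svg>'),
    "html": ("note.html", b"<!DOCTYPE html><p>hello</p>"),
}

def check_samples() -> dict:
    # Run every constructed sample through the validator; only the real PNG should be accepted.
    return {label: validate_upload(name, data) for label, (name, data) in SAMPLES.items()}
```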