CVE-2025-11283
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. It is suggested to upgrade the affected component. The vendor was informed early about a total of four security issues and confirmed that those have been fixed. However, the release notes on GitHub do not mention them.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11283
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
frappe learning 2.35.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11283 is a stored cross-site scripting (XSS) vulnerability in Frappe LMS version 2.35.0, specifically in the course description field when accessed in instructor edit mode. The application does not properly sanitize user input in the course description, allowing an attacker with course creation or editing privileges to inject malicious JavaScript code. This code executes in the browsers of instructors or administrators who view the affected course in edit mode, potentially leading to session hijacking, privilege escalation, and data exfiltration such as cookies, user roles, and email addresses. [1, 3]

Impact Analysis

This vulnerability can lead to persistent cross-site scripting attacks targeting privileged users like instructors and administrators. Exploitation can result in session hijacking, account takeover, privilege escalation, and exfiltration of sensitive data including cookies, user roles, and email addresses. Because the malicious script is stored in the course description, the risk persists whenever the course is edited or viewed in edit mode by authorized users. [1, 3]

Detection Guidance

This vulnerability can be detected by checking for the presence of malicious scripts injected into the course description field in Frappe LMS version 2.35.0, especially when accessed in instructor edit mode. Detection involves reviewing course descriptions for suspicious HTML or JavaScript payloads such as <img src=x onerror=alert(document.cookie)>. Since the exploit requires course creation or editing privileges, monitoring logs for unusual course creation or editing activities by users with the 'Course Creator' role can help. There is a publicly available proof-of-concept exploit that can be used to test the vulnerability. Specific commands are not provided in the resources, but manual inspection or automated scanning of course description fields for script tags or event handlers can be used. [1, 2, 3]

Mitigation Strategies

Immediate mitigation steps include upgrading the affected Frappe LMS component to a version where the vulnerability is fixed. Additionally, implement strict server-side input sanitization to neutralize dangerous HTML and JavaScript in course description fields. Use whitelist-based HTML filtering to allow only safe tags such as <p>, <b>, and <i>. Adding Content Security Policy (CSP) headers is also recommended to limit the impact of any injected scripts. Restrict course creation and editing privileges to trusted users only. [1, 3, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11283. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart