CVE-2025-62779
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-27
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Description
Description
Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frappe | learning | From 2.0.0 (inc) to 2.39.2 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
In Frappe Learning version 2.39.1 and earlier, users could insert HTML code through input fields in the Job Form, which may lead to security issues such as improper handling of user input.
How can this vulnerability impact me? :
This vulnerability could allow users to inject HTML content via the Job Form input fields, potentially leading to security risks like cross-site scripting (XSS) or other unintended behaviors affecting the application's integrity or user experience.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70