CVE-2025-67730
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-15
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frappe | learning | From 2.0.0 (inc) to 2.42.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Frappe Learning Management System (LMS) versions prior to 2.42.0 allows authenticated users to inject malicious HTML and JavaScript code through the description fields in the Job, Course, and Batch forms. This can lead to cross-site scripting (XSS) attacks.
How can this vulnerability impact me? :
The vulnerability can allow attackers with authenticated access to execute malicious scripts in the context of the LMS application. This could lead to unauthorized actions, data theft, session hijacking, or defacement within the LMS environment.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Frappe Learning Management System (LMS) to version 2.42.0 or later, as this version fixes the vulnerability allowing authenticated users to add malicious HTML and JavaScript through description fields.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability on your system, you can check the version of the frappe LMS installed and verify if it is prior to version 2.42.0, which is vulnerable. Additionally, you can inspect the description fields in Job, Course, and Batch forms for the presence of malicious HTML or JavaScript code. Since this is a cross-site scripting (XSS) vulnerability exploitable by authenticated users, monitoring HTTP requests that submit data to these forms for suspicious script tags or event handlers can help detect exploitation attempts. For example, you can use curl or similar tools to fetch and inspect these fields or grep logs for suspicious payloads. Example commands: 1. Check version (if accessible via CLI or API): `frappe --version` or query the application version via API. 2. Search logs for suspicious input patterns: `grep -iE '<script|onerror|onload' /path/to/logs/*` 3. Use curl to fetch form data and inspect for scripts: `curl -s https://your-frappe-lms-instance/path/to/job-or-course | grep -i '<script'` Note that specific commands depend on your environment and access level. Upgrading to version 2.42.0 or later is the recommended mitigation. [1, 2]