CVE-2025-67734 in LMSinfo

Zusammenfassung

von MITRE • 12.12.2025

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed in the browsers of users who opened the malicious job posting. This issue is fixed in version 2.42.0.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

11.12.2025

Veröffentlichung

12.12.2025

Moderieren

akzeptiert

Eintrag

VDB-336292

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

5.4 (NVD)

EPSS

0.00024

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-67734
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-67734
CVE Details	https://www.cvedetails.com/cve/CVE-2025-67734/

◂ Zurück Übersicht Weiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!