Security: frappe/lms
Security Advisories
View information about security vulnerabilities from this repository's maintainers.
-
HTML injection in user-controlled metadataGHSA-2x47-gr9q-w6fv published
May 15, 2026 by raizasafeelLow -
Path transversal in SCORMGHSA-mxh7-g3r7-g96h published
May 15, 2026 by raizasafeelCritical -
Stored XSS in Frappe LMSGHSA-qf5w-r34q-c7j2 published
Mar 31, 2026 by raizasafeelModerate -
Client-Side Manipulation of Quiz ScoresGHSA-9573-68xq-hwrx published
Apr 7, 2026 by pateljannatModerate -
Unauthorized users were able to get details of unpublished coursesGHSA-26vf-p39q-frx3 published
Feb 16, 2026 by pateljannatLow -
Unauthorised user was able to access the full list of batch enrolled studentsGHSA-3gw9-gwjm-vcq5 published
Feb 11, 2026 by raizasafeelLow -
Stored XSS via Unsanitized Image Filename in Course and Jobs PagesGHSA-78mq-3whw-69j5 published
Jan 14, 2026 by pateljannatLow -
HTML and JavaScript injection in description fieldsGHSA-jjc4-j3hw-33h2 published
Dec 11, 2025 by pateljannatLow -
JavaScript was being executed through the Company Website field input of Job FormGHSA-c495-qg4v-5vr7 published
Dec 11, 2025 by pateljannatLow -
Missing Server-Side Authorization in Business LogicGHSA-2ch7-c74m-432m published
Dec 5, 2025 by pateljannatLow