Skip to main content

Learning CVE-2023-5555

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-10-12 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 12, 2023 - 11:15 nvd
MEDIUM 6.1

DescriptionNVD

Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.

AnalysisAI

Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. Affected products include: Frappe Learning. Version information: prior to 5614.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-42807 CRITICAL
9.8 Sep 21

Frappe LMS is an open source learning management system. Rated critical severity (CVSS 9.8), this vulnerability is remot

CVE-2025-11280 LOW POC
2.9 Oct 05

Information disclosure vulnerability in Frappe LMS 2.35.0 allows remote unauthenticated attackers to access sensitive as

CVE-2025-66581 MEDIUM
6.5 Dec 05

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0,

CVE-2025-11283 LOW POC
1.9 Oct 05

Cross-site scripting (XSS) in Frappe LMS 2.35.0 Course Handler allows authenticated users with high privileges to inject

CVE-2026-23497 MEDIUM
5.4 Jan 14

Frappe Learning Management System versions 2.44.0 and earlier contain a stored cross-site scripting (XSS) vulnerability

CVE-2025-11281 LOW POC
1.3 Oct 05

Frappe LMS 2.35.0 contains improper access controls in the Unpublished Course Handler component at the /courses/ endpoin

CVE-2026-26031 MEDIUM
5.3 Feb 11

Frappe Learning Management System versions prior to 2.44.0 contain an information disclosure vulnerability that allows u

CVE-2026-26977 MEDIUM
5.3 Feb 20

Frappe Learning Management System versions 2.44.0 and below allow unauthenticated attackers to retrieve sensitive detail

CVE-2025-59415 MEDIUM
4.6 Sep 17

Frappe Learning is a learning system that helps users structure their content. Rated medium severity (CVSS 4.6), this vu

CVE-2025-64707 LOW
1.2 Nov 12

Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.2), this vulne

CVE-2025-64705 LOW
1.3 Nov 12

Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.3), this vulne

CVE-2025-55006 MEDIUM
4.3 Aug 09

Frappe Learning is a learning system that helps users structure their content. Rated medium severity (CVSS 4.3), this vu

Share

CVE-2023-5555 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy