Learning
CVE-2023-5555
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.
AnalysisAI
Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. Affected products include: Frappe Learning. Version information: prior to 5614.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Frappe LMS is an open source learning management system. Rated critical severity (CVSS 9.8), this vulnerability is remot
Information disclosure vulnerability in Frappe LMS 2.35.0 allows remote unauthenticated attackers to access sensitive as
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.41.0,
Cross-site scripting (XSS) in Frappe LMS 2.35.0 Course Handler allows authenticated users with high privileges to inject
Frappe Learning Management System versions 2.44.0 and earlier contain a stored cross-site scripting (XSS) vulnerability
Frappe LMS 2.35.0 contains improper access controls in the Unpublished Course Handler component at the /courses/ endpoin
Frappe Learning Management System versions prior to 2.44.0 contain an information disclosure vulnerability that allows u
Frappe Learning Management System versions 2.44.0 and below allow unauthenticated attackers to retrieve sensitive detail
Frappe Learning is a learning system that helps users structure their content. Rated medium severity (CVSS 4.6), this vu
Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.2), this vulne
Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.3), this vulne
Frappe Learning is a learning system that helps users structure their content. Rated medium severity (CVSS 4.3), this vu
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today