Frappe Learning Profile Bio Content Sanitization Vulnerability Allowing Script Execution

Vulnerability

A vulnerability exists in Frappe Learning versions 2.34.1 and below, in which profile bio content is not properly sanitized. This oversight allows users to upload malicious SVG files that can execute arbitrary scripts in the context of other users.
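What "properly sanitized" means for an SVG field like the profile bio, as an added illustration that is neither Frappe Learning's code nor the 2.35.0 fix: an allowlist pass over the parsed document that drops script-bearing elements, event-handler attributes and unsafe link schemes before the content is stored or rendered. The allowlists and the sample SVG below are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ET.register_namespace("", "http://www.w3.org/2000/svg")        # serialize root as <svg>, not <ns0:svg>
ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")

# Hypothetical allowlist of plain drawing elements; anything else (script,
# foreignObject, style, iframe, ...) is dropped together with its subtree.
ALLOWED_TAGS = {"svg", "g", "defs", "title", "desc", "path", "rect", "circle",
                "ellipse", "line", "polyline", "polygon", "text", "tspan", "a",
                "use", "image", "linearGradient", "radialGradient", "stop"}
ALLOWED_SCHEMES = {"", "http", "https"}  # relative links, fragments, web URLs

def _local(name: str) -> str:
    return name.rsplit("}", 1)[-1]  # strip ElementTree's {namespace} prefix

def is_safe_url(value: str) -> bool:
    """Reject javascript:, data: and other schemes, and any whitespace or
    control characters that browsers tolerate but scheme checks can miss."""
    if any(ch.isspace() or not ch.isprintable() for ch in value):
        return False
    return urlsplit(value).scheme.lower() in ALLOWED_SCHEMES

def _clean(elem: ET.Element) -> None:
    for child in list(elem):
        if _local(child.tag) not in ALLOWED_TAGS:
            elem.remove(child)           # drops <script> etc. with its contents
        else:
            _clean(child)
    for attr in list(elem.attrib):
        name = _local(attr)
        if name.lower().startswith("on") or name == "style":
            del elem.attrib[attr]        # event handlers and inline CSS
        elif name == "href" and not is_safe_url(elem.attrib[attr]):
            del elem.attrib[attr]        # covers both href and xlink:href

def sanitize_svg(svg_text: str) -> str:
    """Return the SVG with scriptable content removed; ValueError if not SVG."""
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    _clean(root)
    return ET.tostring(root, encoding="unicode")

# Constructed sample carrying the kinds of script hooks a sanitizer must strip.
CONSTRUCTED_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" '
                   'xmlns:xlink="http://www.w3.org/1999/xlink" onload="x()">'
                   '<script>x()</script><rect width="10" height="10" onclick="x()"/>'
                   '<a xlink:href="javascript:x()"><text>hi</text></a>'
                   '<a href="https://example.com/"><circle r="3"/></a></svg>')
```

Serving the stored file with a `Content-Disposition: attachment` header, or rasterizing it, is a complementary control: the sanitizer shown here only addresses inline rendering.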

Impact

Exploitation of this vulnerability could lead to the execution of arbitrary scripts in the context of other users.

Remediation

The vulnerability has been addressed in version 2.35.0. Users should update to this version to mitigate the issue.

Added: Sep 17, 2025, 9:22 PM
Updated: Sep 17, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 5.8
remediation: 7.7
relevance: 0.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.