Primary

Context

Frappe Learning Quiz Form Access Vulnerability

Vulnerability

Patched

A vulnerability in Frappe Learning versions through 2.39.1 allows students to access the Quiz Form via direct URL. This access includes visibility of all quiz details, such as questions and answers.

Impact

Exploitation of this vulnerability allowed unauthorized access to quiz information, including all questions and answers.

Remediation

The vulnerability has been patched in Frappe Learning version 2.40.1. Users should update to this version. Instructions for updating can be found in the Frappe Learning repository.

Added: Oct 27, 2025, 10:19 PM

Updated: Oct 27, 2025, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.5

remediation

7.7

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

7.5

remediation

7.7

relevance

0.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Frappe Learning Quiz Form Access Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Frappe Learning

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating