Frappe Learning HTML Injection Vulnerability in Job Form

Vulnerability

A vulnerability in Frappe Learning versions through 2.39.1 allows users to inject HTML into input fields of the Job Form. Because the input is not escaped, the HTML is subsequently rendered as markup on the job page, which can lead to cross-site scripting (XSS).

Impact

Exploitation of this vulnerability allows cross-site scripting (XSS): HTML injected through the Job Form is rendered unescaped on the job page, where it can execute as script.

Remediation

Users can update to Frappe Learning version 2.40.1 or later, where this vulnerability has been fixed.
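The defect described above, as an added example that is not part of this advisory or of Frappe Learning's own code: a minimal job-page renderer run over a constructed job record, showing the vulnerable (verbatim) output beside the escaped one, plus a check a defender can run over stored job fields to find records submitted before the fix that still contain markup. The field names, the sample record and the `render_job_page` helper are assumptions.

```python
import html
import re

# Constructed sample job record, as it might be submitted through a job form.
# Both fields carry markup that must reach the page as text, not as HTML.
SAMPLE_JOB = {
    "title": "Junior Developer <b>(remote)</b>",
    "description": "Apply today <script>probe()</script>",
}

# Assumed names of the free-text fields shown on the job page.
JOB_FIELDS = ("title", "description")


def render_job_page(job, escape=True):
    """Build the job page body from a job record.

    escape=False reproduces the defect: field values are concatenated
    verbatim, so any tags they contain become live markup.
    escape=True is the fixed form: html.escape turns <, >, &, " and '
    into entities before the value is placed in the page.
    """
    enc = html.escape if escape else (lambda s: s)
    return (
        f"<h1>{enc(job['title'])}</h1>\n"
        f"<p>{enc(job['description'])}</p>"
    )


# A '<' directly followed by a tag name; '<' followed by whitespace is
# plain text to a browser and is deliberately not flagged.
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")


def fields_with_markup(job, fields=JOB_FIELDS):
    """Return the names of fields whose stored value contains an HTML tag.

    Useful when reviewing job records created before the fix: such
    records keep the injected markup even after the renderer is patched.
    """
    return [f for f in fields if TAG_RE.search(str(job.get(f, "")))]


if __name__ == "__main__":
    print("vulnerable output:\n" + render_job_page(SAMPLE_JOB, escape=False))
    print("\nescaped output:\n" + render_job_page(SAMPLE_JOB))
    print("\nfields containing markup:", fields_with_markup(SAMPLE_JOB))
```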

Added: Oct 27, 2025, 10:18 PM
Updated: Oct 27, 2025, 10:18 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 5.8
remediation: 7.7
relevance: 0.8
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.