Primary

Context

Frappe Learning Management System Quiz Score Manipulation Vulnerability

Vulnerability

Patched

A vulnerability exists in Frappe Learning Management System (LMS) versions prior to 2.46.0, allowing students to alter quiz scores before submission. The issue arises because the application depends on client-side score calculations, which can be modified using browser developer tools before the submission request is sent. Although this vulnerability does not enable changes to other users' data or privilege escalation, it undermines the integrity of quiz results and academic reliability. The vulnerability affects data integrity but does not leak confidential information or permit unauthorized access to other accounts.

Impact

Exploitation of this vulnerability allows for unauthorized modification of quiz scores, disrupting the accuracy of academic assessments.

Remediation

Users can upgrade to Frappe Learning Management System version 2.46.0 or later to address this vulnerability.

Added: Apr 8, 2026, 10:26 PM

Updated: Apr 8, 2026, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

5.4

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

5.4

remediation

7.7

relevance

5.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Frappe Learning Management System Quiz Score Manipulation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Frappe Learning Management System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating