frappe/lms

採点内訳

※ 各項目の重みは「採点ルール」を参照。合計は 0 で底打ち。

過去の SecurityAdvisory (18 件)

• LOWGHSA-2x47-gr9q-w6fvCVE-2026-465462026/5/15
  HTML injection in user-controlled metadata
• CRITICALGHSA-mxh7-g3r7-g96hCVE-2026-394052026/5/15
  Path transversal in SCORM
• MEDIUMGHSA-9573-68xq-hwrxCVE-2026-394152026/4/7
  Client-Side Manipulation of Quiz Scores
• MEDIUMGHSA-qf5w-r34q-c7j2CVE-2026-346062026/3/31
  Stored XSS in Frappe LMS
• LOWGHSA-26vf-p39q-frx3CVE-2026-269772026/2/16
  Unauthorized users were able to get details of unpublished courses
• LOWGHSA-3gw9-gwjm-vcq5CVE-2026-260312026/2/11
  Unauthorised user was able to access the full list of batch enrolled students
• LOWGHSA-78mq-3whw-69j5CVE-2026-234972026/1/14
  Stored XSS via Unsanitized Image Filename in Course and Jobs Pages
• LOWGHSA-c495-qg4v-5vr7CVE-2025-677342025/12/11
  JavaScript was being executed through the Company Website field input of Job Form
• LOWGHSA-jjc4-j3hw-33h2CVE-2025-677302025/12/11
  HTML and JavaScript injection in description fields
• LOWGHSA-2ch7-c74m-432mCVE-2025-665812025/12/5
  Missing Server-Side Authorization in Business Logic
• LOWGHSA-w2gf-rchw-x6vmCVE-2025-647072025/11/11
  Revoking access did not show immediate effect as roles were cached
• LOWGHSA-qrvv-6g7r-g3v8CVE-2025-647052025/11/11
  User was able to access the submission of other students
• LOWGHSA-j6h8-qg65-3fpxCVE-2025-627792025/10/27
  Users were able to add HTML through input fields in the Job Form
• LOWGHSA-8xvv-6v89-xxgxCVE-2025-627782025/10/27
  Students were able to access the Quiz Form via direct URL
• LOWGHSA-h6fh-7f24-f2j5CVE-2025-621582025/10/10
  Attachments made by students to their assignments of type Text were public
• MEDIUMGHSA-h7gh-3vq5-96jxCVE-2025-594152025/9/17
  Potential for Malicious Content upload via Profile bio field
• MEDIUMGHSA-mvxw-r9x4-3vrrCVE-2025-550062025/8/8
  Potential for Malicious SVG Upload in Image Upload Feature
• MEDIUMGHSA-wvq3-3wvp-6x63CVE-2023-428072023/9/20
  Frappe LMS SQL Injection Issue on People Page