CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5555 – Cross-site Scripting (XSS) - Generic in frappe/lms
https://notcve.org/view.php?id=CVE-2023-5555
12 Oct 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. Cross-Site Scripting (XSS) genérico en el repositorio de GitHub frappe/lms anterior a 5614a6203fb7d438be8e2b1e3030e4528d170ec4. • https://github.com/frappe/lms/commit/5614a6203fb7d438be8e2b1e3030e4528d170ec4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-42807 – Frappe LMS SQL Injection Issue on People Page
https://notcve.org/view.php?id=CVE-2023-42807
21 Sep 2023 — Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app. Frappe LMS es un sistema de gestión de aprendizaje de código abierto. • https://github.com/frappe/lms/security/advisories/GHSA-wvq3-3wvp-6x63 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •