← back
CVE-2026-34606

Stored XSS in Frappe LMS

CVSS 6.9 MEDIUMEPSS 0.2%CWE-79
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Affected products
frappe · lms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921https://github.com/frappe/lms/pull/2185https://github.com/frappe/lms/releases/tag/v2.48.0https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2