← volver
CVE-2026-34606

Stored XSS in Frappe LMS

CVSS 6.9 MEDIUMEPSS 0.2%CWE-79
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
frappe · lms

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921https://github.com/frappe/lms/pull/2185https://github.com/frappe/lms/releases/tag/v2.48.0https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2