← voltar
CVE-2026-34606

Stored XSS in Frappe LMS

CVSS 6.9 MEDIUMEPSS 0.2%CWE-79
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
frappe · lms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921https://github.com/frappe/lms/pull/2185https://github.com/frappe/lms/releases/tag/v2.48.0https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2