CVE-2026-34606

Published: Apr 2, 2026

Modified: Apr 3, 2026

PUBLISHED

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

Vendor	Product	Versions
frappe	lms	affected `>= 2.27.0, < 2.48.0`

Weaknesses (CWE)

CWE-79

References

https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2

x_refsource_CONFIRM

https://github.com/frappe/lms/pull/2185

x_refsource_MISC

https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921

x_refsource_MISC

https://github.com/frappe/lms/releases/tag/v2.48.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-34606

Description

Affected Products

Weaknesses (CWE)

References