CVE-2026-34606

UNKNOWN View on NVD ↗

Description

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

References

https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921
https://github.com/frappe/lms/pull/2185
https://github.com/frappe/lms/releases/tag/v2.48.0
https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2

Published: Apr 02, 2026 18:16 UTC Modified: Apr 03, 2026 16:10 UTC