CVE-2026-34606

Sažetak

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

Reference

https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921
https://github.com/frappe/lms/pull/2185
https://github.com/frappe/lms/releases/tag/v2.48.0
https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

07-04-2026 - 19:06

Objavljeno

02-04-2026 - 18:16