CVE-2026-34606

UNKNOWN 0.0

Stored XSS in Frappe LMS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.

CWE	CWE-79
Vendor	frappe
Product	lms
Published	Apr 2, 2026
Last Updated	Apr 3, 2026

Stay Ahead of the Next One

Get instant alerts for frappe lms

Be the first to know when new unknown vulnerabilities affecting frappe lms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

frappe / lms

>= 2.27.0, < 2.48.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2 github.com: https://github.com/frappe/lms/pull/2185 github.com: https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921 github.com: https://github.com/frappe/lms/releases/tag/v2.48.0