{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34606", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-30T17:15:52.500Z", "datePublished": "2026-04-02T17:50:01.153Z", "dateUpdated": "2026-04-03T13:02:34.097Z"}, "containers": {"cna": {"title": "Stored XSS in Frappe LMS", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2"}, {"name": "https://github.com/frappe/lms/pull/2185", "tags": ["x_refsource_MISC"], "url": "https://github.com/frappe/lms/pull/2185"}, {"name": "https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921", "tags": ["x_refsource_MISC"], "url": "https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921"}, {"name": "https://github.com/frappe/lms/releases/tag/v2.48.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/frappe/lms/releases/tag/v2.48.0"}], "affected": [{"vendor": "frappe", "product": "lms", "versions": [{"version": ">= 2.27.0, < 2.48.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T17:50:01.153Z"}, "descriptions": [{"lang": "en", "value": "Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0."}], "source": {"advisory": "GHSA-qf5w-r34q-c7j2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T13:02:25.521175Z", "id": "CVE-2026-34606", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:02:34.097Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34606", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T13:02:25.521175Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T13:02:29.999Z"}}], "cna": {"title": "Stored XSS in Frappe LMS", "source": {"advisory": "GHSA-qf5w-r34q-c7j2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "frappe", "product": "lms", "versions": [{"status": "affected", "version": ">= 2.27.0, < 2.48.0"}]}], "references": [{"url": "https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2", "name": "https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/frappe/lms/pull/2185", "name": "https://github.com/frappe/lms/pull/2185", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921", "name": "https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/frappe/lms/releases/tag/v2.48.0", "name": "https://github.com/frappe/lms/releases/tag/v2.48.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-02T17:50:01.153Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34606", "state": "PUBLISHED", "dateUpdated": "2026-04-03T13:02:34.097Z", "dateReserved": "2026-03-30T17:15:52.500Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-02T17:50:01.153Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*", "matchCriteriaId": "96D4B4F9-868F-4048-96A8-AD904B931806", "versionEndExcluding": "2.48.0", "versionStartIncluding": "2.27.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0."}], "id": "CVE-2026-34606", "lastModified": "2026-04-07T19:06:27.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-02T18:16:32.170", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/frappe/lms/commit/b8283860a7f029ea2fa0245131c398c079088921"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/frappe/lms/pull/2185"}, {"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/frappe/lms/releases/tag/v2.48.0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/frappe/lms/security/advisories/GHSA-qf5w-r34q-c7j2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[2.27.0,2.48.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "lms", "source": "cna", "vendor": "frappe"}, "product": "lms", "vendor": "frappe"}], "analysis": {"en": {"generated_at": "2026-04-07T21:43:31.932713+00:00", "value": {"mitigation_remediation": ["Upgrade Frappe LMS to version 2.48.0 or later to apply the official patch.", "Remove any legacy content that may contain previously injected malicious scripts to eliminate stored payloads.", "Review and monitor LMS activity logs for anomalous content submissions or suspicious script execution patterns."], "summary": {"action": "Patch Now", "impact": "Stored XSS"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Frappe LMS versions from 2.27.0 up to but not including 2.48.0. All installations running those releases are susceptible, regardless of configuration, because the application does not properly sanitize inputs for stored content.", "description_and_impact": "A stored cross\u2011site scripting vulnerability was discovered in Frappe Learning Management System. The flaw allows an attacker to inject malicious script that is permanently saved to the system and later executed in a victim\u2019s browser when they view the affected content. This can lead to arbitrary script execution and credential theft or session hijacking. The weakness corresponds to CWE\u201179, which describes unsanitized user input leading to script execution.", "risk_and_exploitability": "The CVSS base score of 6.9 places this issue in the medium to high impact range. The EPSS score is below 1%, indicating a low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, reducing the likelihood of active exploitation. Exploitation requires user interaction, such as an authenticated content creator or user with sufficient privileges inserting malicious payloads, and the attack vector is likely through the LMS content management interface."}}}}, "created": "2026-04-03T07:32:10.062568+00:00", "updated": "2026-04-08T19:55:27.184614+00:00", "vendors": ["frappe", "frappe$PRODUCT$lms"]}