Vulnerability Details CVE-2026-34606
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.6%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2026-34606
-
cpe:2.3:a:frappe:learning:2.27.0
-
cpe:2.3:a:frappe:learning:2.28.0
-
cpe:2.3:a:frappe:learning:2.28.1
-
cpe:2.3:a:frappe:learning:2.29.0
-
cpe:2.3:a:frappe:learning:2.30.0
-
cpe:2.3:a:frappe:learning:2.31.0
-
cpe:2.3:a:frappe:learning:2.32.0
-
cpe:2.3:a:frappe:learning:2.32.1
-
cpe:2.3:a:frappe:learning:2.32.2
-
cpe:2.3:a:frappe:learning:2.33.0
-
cpe:2.3:a:frappe:learning:2.34.0
-
cpe:2.3:a:frappe:learning:2.34.1
-
cpe:2.3:a:frappe:learning:2.35.0
-
cpe:2.3:a:frappe:learning:2.36.0
-
cpe:2.3:a:frappe:learning:2.37.0
-
cpe:2.3:a:frappe:learning:2.38.0
-
cpe:2.3:a:frappe:learning:2.39.0
-
cpe:2.3:a:frappe:learning:2.39.1
-
cpe:2.3:a:frappe:learning:2.39.2
-
cpe:2.3:a:frappe:learning:2.40.0
-
cpe:2.3:a:frappe:learning:2.41.0
-
cpe:2.3:a:frappe:learning:2.42.0
-
cpe:2.3:a:frappe:learning:2.43.0
-
cpe:2.3:a:frappe:learning:2.44.0
-
cpe:2.3:a:frappe:learning:2.45.0
-
cpe:2.3:a:frappe:learning:2.45.1
-
cpe:2.3:a:frappe:learning:2.45.2
-
cpe:2.3:a:frappe:learning:2.46.0
-
cpe:2.3:a:frappe:learning:2.47.0