Skip to main content

Lms

10 CVEs product

Monthly

CVE-2026-27404 HIGH This Week

Reflected Cross-Site Scripting in the designthemes LMS WordPress theme (versions 9.7 and earlier) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they open a crafted link. Reported by Patchstack, the flaw carries CVSS 7.1 with a scope change, reflecting cross-context impact; no public exploit is identified at time of analysis and it is not listed in CISA KEV.

XSS Lms
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-40457 LOW PATCH Monitor

Reflected XSS in LAN Management System (LMS) before commit 9c5651b allows network-positioned attackers to inject arbitrary JavaScript into the browsers of authenticated LMS users by crafting malicious links targeting the `dbrecover.php` and `netremap.php` modules. The `db`, `id`, and `mapto` GET parameters were directly concatenated into HTML anchor elements without sanitization, as confirmed by the upstream commit diff. No public exploit has been identified at time of analysis, exploitation is not confirmed in CISA KEV, and the CVSS 4.0 score of 2.1 reflects genuinely constrained impact due to the required victim interaction and specific attack preconditions.

PHP XSS Lms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.3%
CVE-2026-40456 HIGH PATCH This Week

OS command injection in LMS (LAN Management System) before commit 9fcb4de allows authenticated adjacent attackers to execute arbitrary operating system commands by supplying a malicious IP address parameter that is passed unsanitized to exec(). The flaw was reported by CERT-PL and an upstream fix is available; no public exploit identified at time of analysis, and the CVSS 4.0 score of 8.6 reflects high impact on the vulnerable system with limited subsequent-system effect.

Command Injection Lms
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.9%
CVE-2026-40455 HIGH PATCH This Week

Error-based SQL injection in LMS (LAN Management System) before commit 4cb30a7 allows authenticated attackers to extract sensitive database contents via the tarifflist.php module. The flaw stems from unsanitized concatenation of the POST tg[] array into a SQL query through implode(), and a CERT-PL-coordinated fix is upstream. No public exploit identified at time of analysis.

PHP SQLi Lms
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-46546 LOW Monitor

Metadata injection in Frappe LMS prior to version 2.53.0 enables authenticated users to embed crafted content into user-editable fields that, when reflected in page metadata, silently redirects visiting users' browsers to an attacker-controlled URL. Exploitation requires a low-privilege account (PR:L) and passive victim interaction (UI:P) - a target must visit a page containing the poisoned content. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; its CVSS 4.0 score of 2.1 reflects genuinely low severity, though the redirect capability carries downstream phishing and credential-harvesting risk.

Information Disclosure Lms
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-39405 CRITICAL PATCH Act Now

Path traversal in Frappe Learning Management System (LMS) versions 2.50.0 and below allows authenticated users with course-editing privileges to write arbitrary files outside the intended upload directory by uploading a maliciously crafted SCORM ZIP package. The CVSS 4.0 base score of 9.4 reflects high impact across confidentiality, integrity, and availability with scope change to subsequent systems, though exploitation requires low-privileged authentication. No public exploit identified at time of analysis.

Path Traversal Lms
NVD GitHub
CVSS 4.0
9.4
EPSS
0.0%
CVE-2026-39415 MEDIUM PATCH This Month

Frappe Learning Management System versions prior to 2.46.0 allow authenticated students to modify their own quiz scores via client-side manipulation using browser developer tools before submission. This vulnerability compromises the integrity of quiz results and academic reliability without enabling privilege escalation, unauthorized account access, or exposure of confidential information. The fix is available in version 2.46.0, and no public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Authentication Bypass Lms
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-34606 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Frappe Learning Management System versions 2.27.0 through 2.47.x allows unauthenticated remote attackers to inject and persist malicious scripts that execute in the browsers of other users. The vulnerability affects content structure functionality and has been patched in version 2.48.0. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Lms
NVD GitHub
CVSS 4.0
6.9
EPSS
0.0%
CVE-2024-25270 MEDIUM This Month

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Lms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2018-1000535 HIGH POC This Week

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected Cross-Site Scripting in the designthemes LMS WordPress theme (versions 9.7 and earlier) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they open a crafted link. Reported by Patchstack, the flaw carries CVSS 7.1 with a scope change, reflecting cross-context impact; no public exploit is identified at time of analysis and it is not listed in CISA KEV.

XSS Lms
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Reflected XSS in LAN Management System (LMS) before commit 9c5651b allows network-positioned attackers to inject arbitrary JavaScript into the browsers of authenticated LMS users by crafting malicious links targeting the `dbrecover.php` and `netremap.php` modules. The `db`, `id`, and `mapto` GET parameters were directly concatenated into HTML anchor elements without sanitization, as confirmed by the upstream commit diff. No public exploit has been identified at time of analysis, exploitation is not confirmed in CISA KEV, and the CVSS 4.0 score of 2.1 reflects genuinely constrained impact due to the required victim interaction and specific attack preconditions.

PHP XSS Lms
NVD GitHub VulDB
EPSS 1% CVSS 8.6
HIGH PATCH This Week

OS command injection in LMS (LAN Management System) before commit 9fcb4de allows authenticated adjacent attackers to execute arbitrary operating system commands by supplying a malicious IP address parameter that is passed unsanitized to exec(). The flaw was reported by CERT-PL and an upstream fix is available; no public exploit identified at time of analysis, and the CVSS 4.0 score of 8.6 reflects high impact on the vulnerable system with limited subsequent-system effect.

Command Injection Lms
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Error-based SQL injection in LMS (LAN Management System) before commit 4cb30a7 allows authenticated attackers to extract sensitive database contents via the tarifflist.php module. The flaw stems from unsanitized concatenation of the POST tg[] array into a SQL query through implode(), and a CERT-PL-coordinated fix is upstream. No public exploit identified at time of analysis.

PHP SQLi Lms
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Metadata injection in Frappe LMS prior to version 2.53.0 enables authenticated users to embed crafted content into user-editable fields that, when reflected in page metadata, silently redirects visiting users' browsers to an attacker-controlled URL. Exploitation requires a low-privilege account (PR:L) and passive victim interaction (UI:P) - a target must visit a page containing the poisoned content. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; its CVSS 4.0 score of 2.1 reflects genuinely low severity, though the redirect capability carries downstream phishing and credential-harvesting risk.

Information Disclosure Lms
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Path traversal in Frappe Learning Management System (LMS) versions 2.50.0 and below allows authenticated users with course-editing privileges to write arbitrary files outside the intended upload directory by uploading a maliciously crafted SCORM ZIP package. The CVSS 4.0 base score of 9.4 reflects high impact across confidentiality, integrity, and availability with scope change to subsequent systems, though exploitation requires low-privileged authentication. No public exploit identified at time of analysis.

Path Traversal Lms
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Frappe Learning Management System versions prior to 2.46.0 allow authenticated students to modify their own quiz scores via client-side manipulation using browser developer tools before submission. This vulnerability compromises the integrity of quiz results and academic reliability without enabling privilege escalation, unauthorized account access, or exposure of confidential information. The fix is available in version 2.46.0, and no public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Authentication Bypass Lms
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in Frappe Learning Management System versions 2.27.0 through 2.47.x allows unauthenticated remote attackers to inject and persist malicious scripts that execute in the browsers of other users. The vulnerability affects content structure functionality and has been patched in version 2.48.0. No public exploit code or active exploitation has been confirmed at time of analysis.

XSS Lms
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Lms
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy