Lms
Monthly
Reflected Cross-Site Scripting in the designthemes LMS WordPress theme (versions 9.7 and earlier) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they open a crafted link. Reported by Patchstack, the flaw carries CVSS 7.1 with a scope change, reflecting cross-context impact; no public exploit is identified at time of analysis and it is not listed in CISA KEV.
Reflected XSS in LAN Management System (LMS) before commit 9c5651b allows network-positioned attackers to inject arbitrary JavaScript into the browsers of authenticated LMS users by crafting malicious links targeting the `dbrecover.php` and `netremap.php` modules. The `db`, `id`, and `mapto` GET parameters were directly concatenated into HTML anchor elements without sanitization, as confirmed by the upstream commit diff. No public exploit has been identified at time of analysis, exploitation is not confirmed in CISA KEV, and the CVSS 4.0 score of 2.1 reflects genuinely constrained impact due to the required victim interaction and specific attack preconditions.
OS command injection in LMS (LAN Management System) before commit 9fcb4de allows authenticated adjacent attackers to execute arbitrary operating system commands by supplying a malicious IP address parameter that is passed unsanitized to exec(). The flaw was reported by CERT-PL and an upstream fix is available; no public exploit identified at time of analysis, and the CVSS 4.0 score of 8.6 reflects high impact on the vulnerable system with limited subsequent-system effect.
Error-based SQL injection in LMS (LAN Management System) before commit 4cb30a7 allows authenticated attackers to extract sensitive database contents via the tarifflist.php module. The flaw stems from unsanitized concatenation of the POST tg[] array into a SQL query through implode(), and a CERT-PL-coordinated fix is upstream. No public exploit identified at time of analysis.
Metadata injection in Frappe LMS prior to version 2.53.0 enables authenticated users to embed crafted content into user-editable fields that, when reflected in page metadata, silently redirects visiting users' browsers to an attacker-controlled URL. Exploitation requires a low-privilege account (PR:L) and passive victim interaction (UI:P) - a target must visit a page containing the poisoned content. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; its CVSS 4.0 score of 2.1 reflects genuinely low severity, though the redirect capability carries downstream phishing and credential-harvesting risk.
Path traversal in Frappe Learning Management System (LMS) versions 2.50.0 and below allows authenticated users with course-editing privileges to write arbitrary files outside the intended upload directory by uploading a maliciously crafted SCORM ZIP package. The CVSS 4.0 base score of 9.4 reflects high impact across confidentiality, integrity, and availability with scope change to subsequent systems, though exploitation requires low-privileged authentication. No public exploit identified at time of analysis.
Frappe Learning Management System versions prior to 2.46.0 allow authenticated students to modify their own quiz scores via client-side manipulation using browser developer tools before submission. This vulnerability compromises the integrity of quiz results and academic reliability without enabling privilege escalation, unauthorized account access, or exposure of confidential information. The fix is available in version 2.46.0, and no public exploit code or active exploitation has been identified at the time of analysis.
Stored cross-site scripting (XSS) in Frappe Learning Management System versions 2.27.0 through 2.47.x allows unauthenticated remote attackers to inject and persist malicious scripts that execute in the browsers of other users. The vulnerability affects content structure functionality and has been patched in version 2.48.0. No public exploit code or active exploitation has been confirmed at time of analysis.
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Reflected Cross-Site Scripting in the designthemes LMS WordPress theme (versions 9.7 and earlier) allows unauthenticated remote attackers to inject arbitrary JavaScript that executes in a victim's browser when they open a crafted link. Reported by Patchstack, the flaw carries CVSS 7.1 with a scope change, reflecting cross-context impact; no public exploit is identified at time of analysis and it is not listed in CISA KEV.
Reflected XSS in LAN Management System (LMS) before commit 9c5651b allows network-positioned attackers to inject arbitrary JavaScript into the browsers of authenticated LMS users by crafting malicious links targeting the `dbrecover.php` and `netremap.php` modules. The `db`, `id`, and `mapto` GET parameters were directly concatenated into HTML anchor elements without sanitization, as confirmed by the upstream commit diff. No public exploit has been identified at time of analysis, exploitation is not confirmed in CISA KEV, and the CVSS 4.0 score of 2.1 reflects genuinely constrained impact due to the required victim interaction and specific attack preconditions.
OS command injection in LMS (LAN Management System) before commit 9fcb4de allows authenticated adjacent attackers to execute arbitrary operating system commands by supplying a malicious IP address parameter that is passed unsanitized to exec(). The flaw was reported by CERT-PL and an upstream fix is available; no public exploit identified at time of analysis, and the CVSS 4.0 score of 8.6 reflects high impact on the vulnerable system with limited subsequent-system effect.
Error-based SQL injection in LMS (LAN Management System) before commit 4cb30a7 allows authenticated attackers to extract sensitive database contents via the tarifflist.php module. The flaw stems from unsanitized concatenation of the POST tg[] array into a SQL query through implode(), and a CERT-PL-coordinated fix is upstream. No public exploit identified at time of analysis.
Metadata injection in Frappe LMS prior to version 2.53.0 enables authenticated users to embed crafted content into user-editable fields that, when reflected in page metadata, silently redirects visiting users' browsers to an attacker-controlled URL. Exploitation requires a low-privilege account (PR:L) and passive victim interaction (UI:P) - a target must visit a page containing the poisoned content. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog; its CVSS 4.0 score of 2.1 reflects genuinely low severity, though the redirect capability carries downstream phishing and credential-harvesting risk.
Path traversal in Frappe Learning Management System (LMS) versions 2.50.0 and below allows authenticated users with course-editing privileges to write arbitrary files outside the intended upload directory by uploading a maliciously crafted SCORM ZIP package. The CVSS 4.0 base score of 9.4 reflects high impact across confidentiality, integrity, and availability with scope change to subsequent systems, though exploitation requires low-privileged authentication. No public exploit identified at time of analysis.
Frappe Learning Management System versions prior to 2.46.0 allow authenticated students to modify their own quiz scores via client-side manipulation using browser developer tools before submission. This vulnerability compromises the integrity of quiz results and academic reliability without enabling privilege escalation, unauthorized account access, or exposure of confidential information. The fix is available in version 2.46.0, and no public exploit code or active exploitation has been identified at the time of analysis.
Stored cross-site scripting (XSS) in Frappe Learning Management System versions 2.27.0 through 2.47.x allows unauthenticated remote attackers to inject and persist malicious scripts that execute in the browsers of other users. The vulnerability affects content structure functionality and has been patched in version 2.48.0. No public exploit code or active exploitation has been confirmed at time of analysis.
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.