
lms — Vulnerabilities & Security Advisories 32

All 32 CVE vulnerabilities found in lms, with AI-generated Chinese analysis, references, and POCs.

Vendor: Fernus Informatics

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39415 | Frappe Learning Management System has Client-Side Manipulation of Quiz Scores | CWE-602 | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34606 | Stored XSS in Frappe LMS | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-26977 | Frappe Learning Management System exposes details of unpublished courses to unauthorized users | CWE-862 | 4.3 | - | 2026-02-20 |
| CVE-2026-26031 | Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students | CWE-863 | 5.3 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2026-1106 | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization | CWE-285 | 5.4 | Medium | 2026-01-18 |
| CVE-2026-23497 | Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-67734 | Frappe Authenticated Users can Execute JavaScript through its Job Form | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-67730 | Frappe authenticated users can execute XSS through form description fields | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-66581 | Frappe LMS is Missing Server-Side Authorization in Business Logic | CWE-863 | 8.8 | - | 2025-12-05 |
| CVE-2025-64707 | Frappe LMS revoking access did not show immediate effect as roles were cached | CWE-863 | 6.3 | - | 2025-11-12 |
| CVE-2025-64705 | Frappe user was able to access the submission of other students | CWE-200 | 4.6 | - | 2025-11-12 |
| CVE-2025-62779 | Frappe Learning users were able to add HTML through input fields in the Job Form | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-62778 | Frappe Learning allowed students to access the Quiz Form via direct URL | CWE-425 | 5.3 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-62158 | Frappe had attachments made by students to their assignments of type Text set to public | CWE-200 | 7.5 (AI) | High (AI) | 2025-10-10 |
| CVE-2025-11283 | Frappe LMS Course cross site scripting | CWE-79 | 2.4 | Low | 2025-10-05 |
| CVE-2025-11282 | Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting | CWE-79 | 2.4 | Low | 2025-10-05 |
| CVE-2025-11281 | Frappe LMS Unpublished Course courses access control | CWE-284 | 5.0 | Medium | 2025-10-05 |
| CVE-2025-11280 | Frappe LMS Assignment Picture files direct request | CWE-425 | 3.7 | Low | 2025-10-05 |
| CVE-2025-59415 | Frappe Learning vulnerable to Malicious Content upload via Profile bio field | CWE-79 | 4.6 | Medium | 2025-09-17 |
| CVE-2025-55006 | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature | CWE-20 | 4.3 | Medium | 2025-08-09 |
| CVE-2025-52833 | WordPress LMS theme <= 9.2 - SQL Injection Vulnerability | CWE-89 | 9.3 | Critical | 2025-07-04 |
| CVE-2025-52799 | WordPress LMS theme <= 9.2 - Reflected Cross Site Scripting (XSS) Vulnerability | CWE-79 | 7.1 | High | 2025-06-27 |
| CVE-2024-8002 | VIWIS LMS File Upload cross site scripting | CWE-79 | 4.3 | Medium | 2025-01-08 |
| CVE-2024-8001 | VIWIS LMS Print authorization | CWE-862 | 5.3 | Medium | 2024-11-13 |
| CVE-2024-3932 | Totara LMS User Selector cross-site request forgery | CWE-352 | 3.1 | Low | 2024-04-18 |
| CVE-2024-3931 | Totara LMS User Selector check.php cross site scripting | CWE-79 | 3.5 | Low | 2024-04-18 |
| CVE-2024-1439 | Inadequate access control vulnerability in Moodle | CWE-284 | 6.5 | Medium | 2024-02-12 |
| CVE-2023-42807 | Frappe LMS SQL Injection Issue on People Page | CWE-89 | 6.3 | Medium | 2023-09-21 |
| CVE-2023-4974 | Academy LMS GET Parameter filter sql injection | CWE-89 | 6.3 | Medium | 2023-09-15 |
| CVE-2023-4973 | Academy LMS GET Parameter filter cross site scripting | CWE-79 | 3.5 | Low | 2023-09-15 |
