
lms — Vulnerabilities & Security Advisories (38)

All 38 CVE vulnerabilities found in lms, with AI-generated Chinese analysis, references, and POCs.

This page aggregates security vulnerability data for Learning Management Systems (LMS) categorized under common software weakness classes. It collects details regarding known vulnerabilities, including their descriptions, impact assessments, and associated reference identifiers, providing a consolidated view of security issues affecting this product category. The data covers incidents reported from 2010 through the current date, ensuring a historical perspective on emerging threats and patches. Readers can use this resource to track specific vendor advisories and monitor the timeline of security disclosures for major LMS providers. Additionally, users can analyze trends within specific weakness classes to understand how certain flaws persist or are mitigated over time. The page also serves as a lookup tool for reviewing the complete vulnerability history of individual LMS products, helping administrators prioritize updates based on risk severity. By centralizing this information, the resource supports informed decision-making for IT security teams responsible for maintaining educational technology infrastructure. The content is structured to facilitate easy navigation between different vendors and version histories, allowing for rapid assessment of exposure levels. Regular updates ensure that the information remains current with newly disclosed issues and subsequent remediation efforts. This aggregated view reduces the effort required to manually search multiple vendor sites and security databases, offering a streamlined approach to managing LMS security posture.

Vendor: Fernus Informatics

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40457 | Reflected XSS in LMS | CWE-79 | - | - | 2026-06-18 |
| CVE-2026-40456 | OS Command Injection in LMS | CWE-78 | - | - | 2026-06-18 |
| CVE-2026-40455 | SQL Injection in LMS | CWE-89 | - | - | 2026-06-18 |
| CVE-2026-46546 | Frappe LMS: HTML injection in user-controlled metadata | CWE-74 | - | - | 2026-06-09 |
| CVE-2026-48559 | Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags | CWE-79 | 5.4 | Medium | 2026-06-01 |
| CVE-2026-39405 | Frappe has Path Transversal via SCORM | CWE-22 | - | - | 2026-05-20 |
| CVE-2026-39415 | Frappe Learning Management System has Client-Side Manipulation of Quiz Scores | CWE-602 | 7.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-34606 | Stored XSS in Frappe LMS | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-26977 | Frappe Learning Management System exposes details of unpublished courses to unauthorized users | CWE-862 | 4.3 | - | 2026-02-20 |
| CVE-2026-26031 | Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students | CWE-863 | 5.3 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2026-1106 | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization | CWE-285 | 5.4 | Medium | 2026-01-18 |
| CVE-2026-23497 | Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-67734 | Frappe Authenticated Users can Execute JavaScript through its Job Form | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-67730 | Frappe authenticated users can execute XSS through form description fields | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-66581 | Frappe LMS is Missing Server-Side Authorization in Business Logic | CWE-863 | 8.8 | - | 2025-12-05 |
| CVE-2025-64707 | Frappe LMS revoking access did not show immediate effect as roles were cached | CWE-863 | 6.3 | - | 2025-11-12 |
| CVE-2025-64705 | Frappe user was able to access the submission of other students | CWE-200 | 4.6 | - | 2025-11-12 |
| CVE-2025-62779 | Frappe Learning users were able to add HTML through input fields in the Job Form | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-62778 | Frappe Learning allowed students to access the Quiz Form via direct URL | CWE-425 | 5.3 (AI) | Medium (AI) | 2025-10-27 |
| CVE-2025-62158 | Frappe had attachments made by students to their assignments of type Text set to public | CWE-200 | 7.5 (AI) | High (AI) | 2025-10-10 |
| CVE-2025-11283 | Frappe LMS Course cross site scripting | CWE-79 | 2.4 | Low | 2025-10-05 |
| CVE-2025-11282 | Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting | CWE-79 | 2.4 | Low | 2025-10-05 |
| CVE-2025-11281 | Frappe LMS Unpublished Course courses access control | CWE-284 | 5.0 | Medium | 2025-10-05 |
| CVE-2025-11280 | Frappe LMS Assignment Picture files direct request | CWE-425 | 3.7 | Low | 2025-10-05 |
| CVE-2025-59415 | Frappe Learning vulnerable to Malicious Content upload via Profile bio field | CWE-79 | 4.6 | Medium | 2025-09-17 |
| CVE-2025-55006 | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature | CWE-20 | 4.3 | Medium | 2025-08-09 |
| CVE-2025-52833 | WordPress LMS theme <= 9.2 - SQL Injection Vulnerability | CWE-89 | 9.3 | Critical | 2025-07-04 |
| CVE-2025-52799 | WordPress LMS theme <= 9.2 - Reflected Cross Site Scripting (XSS) Vulnerability | CWE-79 | 7.1 | High | 2025-06-27 |
| CVE-2024-8002 | VIWIS LMS File Upload cross site scripting | CWE-79 | 4.3 | Medium | 2025-01-08 |
| CVE-2024-8001 | VIWIS LMS Print authorization | CWE-862 | 5.3 | Medium | 2024-11-13 |
