CNNVD-202601-2371 Information
CNNVD ID
CNNVD-202601-2371
Related CVE
- CNNVD Published: 2026-01-14
Description (Chinese)
Frappe Learning Management System是Frappe开源的一个易于使用的开源学习管理系统。 Frappe Learning Management System 2.44.0及之前版本存在跨站脚本漏洞,该漏洞源于特制的图像文件名可能导致存储型跨站脚本攻击。
Description (English)
Frappe Learning Management System is an easy-to-use open-source learning management system for Frappe open sources. FrappeLearning Management System 2.44.0 and previous versions had a cross-site script loophole, which stemmed from a unique image file name that could result in a storage-type cross-station script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Frappe
Published
2026-01-14
Last Modified
2026-02-24
References
https://github.com/frappe/lms/security/advisories/GHSA-78mq-3whw-69j5 https://github.com/frappe/lms/commit/e7ccf0a711d0e0ab5e6b28b7a1e4e0510b6b9543 https://access.redhat.com/security/cve/cve-2026-23497
Patch
https://github.com/frappe/lms/releases
Share on: