exploitDog

CVE-2026-23497

Опубликовано: 14 янв. 2026

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages.

Ссылки

https://github.com/frappe/lms/commit/e7ccf0a711d0e0ab5e6b28b7a1e4e0510b6b9543
Patch
https://github.com/frappe/lms/security/advisories/GHSA-78mq-3whw-69j5
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.45.0 (исключая)

EPSS

Процентиль: 8%

0.00029

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

EPSS

Процентиль: 8%

0.00029

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79