CVE Catalog

CVE-2026-46546

LowCVSS 2.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

15th percentile — higher than 15% of all known CVEs

Summary

Frappe Learning Management System (LMS) prior to version 2.53.0 allowed authenticated users to supply specially crafted content in editable fields, which could lead to visitors' browsers being redirected to an attacker-chosen URL.

Risk Assessment

The organization may be exposed to phishing attacks or other malicious actions that could result in data loss or compromise of user security.

Recommendation

It is recommended to update the system to version 2.53.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS