URL Navigation Vulnerability in Frappe Learning Management System
CVE-2026-46546
2.1LOW
What is CVE-2026-46546?
Frappe Learning Management System (LMS) prior to version 2.53.0 has a vulnerability that allows authenticated users to inject malicious URLs into specific user-editable fields. Subsequently, when this content is rendered in page metadata, it may redirect unsuspecting visitors to attacker-controlled sites. This issue poses a significant risk, as it can lead to phishing attacks and compromise user data. The vulnerability has been addressed in the latest version 2.53.0, which users are encouraged to upgrade to in order to secure their systems.
Affected Version(s)
lms < 2.53.0
