CVE-2026-46546
LowCVSS 2.1Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
Frappe Learning Management System (LMS) prior to version 2.53.0 allowed authenticated users to supply specially crafted content in editable fields, which could lead to visitors' browsers being redirected to an attacker-chosen URL.
Risk Assessment
The organization may be exposed to phishing attacks or other malicious actions that could result in data loss or compromise of user security.
Recommendation
It is recommended to update the system to version 2.53.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.

