{"id":"CVE-2026-46546","summary":"Frappe LMS: HTML injection in user-controlled metadata","details":"Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.","aliases":["GHSA-2x47-gr9q-w6fv"],"modified":"2026-07-11T04:04:05.657833345Z","published":"2026-06-09T23:54:06.037Z","database_specific":{"cwe_ids":["CWE-74"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46546.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46546.json"},{"type":"ADVISORY","url":"https://github.com/frappe/lms/security/advisories/GHSA-2x47-gr9q-w6fv"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-46546"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/frappe/lms","events":[{"introduced":"0"},{"fixed":"859dd33af7977c00c996ec47871654757ff64f85"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.53.0"},{"fixed":"2.52.0"}],"source":["AFFECTED_FIELD","CPE_RANGE"],"cpe":"cpe:2.3:a:frappe:learning:*:*:*:*:*:*:*:*"}}],"versions":["v2.52.1","v2.52.0","v2.51.0","v2.50.1","v2.50.0","v2.49.0","v2.48.0","v2.47.0","v2.46.0","v2.45.2","v2.45.1","v2.45.0","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46546.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}]}