← back
CVE-2020-36998

forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
forma · E-Learning Suite

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://sourceforge.net/projects/forma/https://sourceforge.net/projects/forma/files/latest/downloadhttps://www.exploit-db.com/exploits/48478https://www.vulncheck.com/advisories/formalms-the-e-learning-suite-persistent-cross-site-scripting