← voltar
CVE-2020-36998

forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting

CVSS 5.1 MEDIUMEPSS 0.3%CWE-79
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Produtos afetados
forma · E-Learning Suite

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://sourceforge.net/projects/forma/https://sourceforge.net/projects/forma/files/latest/downloadhttps://www.exploit-db.com/exploits/48478https://www.vulncheck.com/advisories/formalms-the-e-learning-suite-persistent-cross-site-scripting