Lucene search
+L

18 matches found

euvd
euvd
added 2026/01/30 4:16 p.m.6 views

EUVD-2020-30962

Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input...

6.4CVSS6AI score0.00252EPSS
Exploits0References4
cve
cve
added 2026/01/26 5:43 p.m.9 views

CVE-2020-36960

Forma LMS 2.3 contains a stored cross-site scripting (XSS) vulnerability in the user profile first/last name fields. An attacker can inject scripts (e.g., ) that execute when other users view the profile. Connected sources provide CVSS scores (4.0: 5.1/ MEDIUM; 3.1: 6.4/ MEDIUM) and confirm the v...

6.4CVSS6AI score0.00195EPSS
Exploits0References3
euvd
euvd
added 2026/01/26 5:43 p.m.5 views

EUVD-2020-30854

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...

6.4CVSS6AI score0.00195EPSS
Exploits0References3
osv
osv
added 2022/10/31 8:15 p.m.3 views

CVE-2022-41681

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lead to a remote code injection...

8.8CVSS6.1AI score0.00863EPSS
Exploits0References1
osv
osv
added 2022/10/31 8:15 p.m.6 views

CVE-2022-42925

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker with the role of student to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection...

8.8CVSS6.1AI score0.00863EPSS
Exploits0References1
osv
osv
added 2022/10/31 8:15 p.m.9 views

CVE-2022-42923

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker with the role of student to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete'...

8.8CVSS5.8AI score0.00585EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/10/31 12:0 a.m.6 views

Forma Learning Management System 代码问题漏洞

Forma Learning Management System LMS is a learning management system LMS. A security vulnerability exists in Forma Learning Management System version 3.1.0, which originates from the ability to upload a zip file when having student privileges, which could lead to remote code execution...

9.9CVSS8.4AI score0.00863EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/10/31 12:0 a.m.5 views

Forma Learning Management System 跨站脚本漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in Forma Learning Management System 3.1.0 and prior versions, which originated from a vulnerability that allows remote attackers to inject JavaScript code into the backurl parameter, which ca...

6.1CVSS6.5AI score0.00454EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/10/31 12:0 a.m.5 views

Forma Learning Management System 代码问题漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in Forma Learning Management System version 3.1.0 and earlier, which can be exploited by an attacker to elevate privileges and upload a Zip file via the SCORM importer feature...

9.9CVSS7.9AI score0.00863EPSS
Exploits0References2
cnnvd
cnnvd
added 2022/10/31 12:0 a.m.7 views

Forma Learning Management System SQL注入漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in the Forma Learning Management System version 3.1.0, which originates from an SQl injection of the dynfilter parameter of the appLms/ajax.admserver.php?r=widget/userselector/getusertabledat...

7.6CVSS6.5AI score0.00437EPSS
Exploits0References2
osv
osv
added 2022/04/19 5:15 p.m.4 views

CVE-2022-27104

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

9.8CVSS7.3AI score0.01211EPSS
Exploits0References3
cnnvd
cnnvd
added 2021/07/23 12:0 a.m.2 views

Forma Learning Management System SQL注入漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in Learning Management System v 1.0, which can be exploited by remote attackers to execute arbitrary SQL statements via the id parameter and obtain sensitive database information...

7.5CVSS8AI score0.01535EPSS
Exploits1References2
openvas
openvas
added 2019/12/05 12:0 a.m.27 views

forma.lms Detection (HTTP)

Checks whether Forma Learning Management System is present on the target system and if so, tries to figure out the installed version. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under th...

7AI score
Exploits0References1
cnvd
cnvd
added 2019/12/04 12:0 a.m.3 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44282)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

8.8CVSS7.8AI score0.01393EPSS
Exploits1References1
cnvd
cnvd
added 2019/12/04 12:0 a.m.5 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44281)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

8.8CVSS7.8AI score0.01605EPSS
Exploits1References1
cnvd
cnvd
added 2019/12/04 12:0 a.m.3 views

Forma Learning Management System SQL Injection Vulnerability (CNVD-2020-02570)

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...

8.8CVSS7.8AI score0.01064EPSS
Exploits1References1
cnvd
cnvd
added 2019/12/03 12:0 a.m.4 views

Forma Learning Management System SQL Injection Vulnerability

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker could exploit this vulnerability by sending a specially crafted web request to disclose database user credentials and access the...

8.8CVSS7.8AI score0.01064EPSS
Exploits1References1
talosblog
talosblog
added 2019/12/02 10:46 a.m.38 views

Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System

Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companies to build and hos...

6.5CVSS1.5AI score0.01605EPSS
Exploits4
Rows per page
Query Builder