4 matches found
Design/Logic Flaw
com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...
CVE-2024-26140 com.yetanalytics/lrs has Cross-site Scripting Vulnerability in Statement Browser
com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...
CVE-2024-26140
CVE-2024-26140 affects com.yetanalytics/lrs (core LRS library) prior to version 1.2.17 and SQL LRS prior to 0.7.5 . A maliciously crafted xAPI statement could trigger script or other tag injection in the LRS Statement Browser. The issue is patched in the listed versions; no public workarounds are...
CVE-2024-26140 com.yetanalytics/lrs has Cross-site Scripting Vulnerability in Statement Browser
com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 o...