4 matches found
LAMS 3.1 - Cross-Site Scripting
LAMS 3.1 - Cross-Site Scripting Exploit Title: LAMS 3.1 - Cross-Site Scripting Date: 2018-08-05 Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application...
LAMS < 3.1 - Cross-Site Scripting
Exploit Title: LAMS 3.1 - Cross-Site Scripting Date: 2018-08-05 Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application Platform: Java Version: = 3.1 CVE:...
CVE-2018-12090
There is unauthenticated reflected cross-site scripting XSS in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...
CVE-2018-12090
LAMS prior to 3.1 is affected by an unauthenticated reflected XSS that allows injection of arbitrary JavaScript via an unsanitized GET parameter in forgotPasswordChange.jsp?key=. This is triggered through remote access without authentication; impact is confined to script execution in the victim’s...