31 matches found
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
PT-2026-20941
Name of the Vulnerable Software and Affected Versions: FormaLMS versions 4.1.18 and below. Description: A flaw exists in the password recovery functionality of FormaLMS that allows for user enumeration. An unauthenticated attacker can determine valid registered usernames by observing differing error...
CVE-2026-26744
FormaLMS 4.1.18 and earlier is affected by a user-enumeration flaw in the password-recovery endpoint (/lostpwd). The app returns different error messages for valid versus invalid usernames, enabling unauthenticated attackers to determine registered usernames via observable responses. The descript...
CVE-2026-26744
A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are...
EUVD-2023-50880
Malicious code in bioql PyPI...
CVE-2021-43136
An authentication bypass issue in FormaLMS = 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform...
FormaLMS Cross-Site Scripting Vulnerability
FormaLMS is an open source learning management system. It is used to build around the specific needs of corporate training. A cross-site scripting vulnerability exists in FormaLMS versions prior to 4.0.5, which stems from the application's lack of effective filtering and escaping of user-supplied...
CVE-2023-46693
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
CVE-2023-46693
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
CVE-2023-46693
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
Cross site scripting
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
CVE-2023-46693
Cross Site Scripting XSS vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters...
FormaLMS Cross-Site Scripting Vulnerability
FormaLMS is an open source learning management system. It is used to build around the specific needs of corporate training. A cross-site scripting vulnerability exists in FormaLMS versions prior to 4.0.5, which stems from the application's lack of effective filtering and escaping of user-supplied...
CVE-2023-46693
CVE-2023-46693 describes a Cross-Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5. The issue arises from insufficient filtering/escaping of user-supplied data, allowing an attacker to run arbitrary code by manipulating the title parameter. Affected software: FormaLMS versions prior to ...
formalms SQL Injection Vulnerability
formalms is a learning management system used to build around the specific needs of corporate training. formalms versions prior to v.1.4.3 contain a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit this...
FormaLms SQL Injection Vulnerability
formalms is a learning management system used to build around the specific needs of corporate training. formalms versions prior to v.1.4.3 contain a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit this...