CVE-2024-26140

CVE-2024-26140 affects com.yetanalytics/lrs (core LRS library) prior to version 1.2.17 and SQL LRS prior to 0.7.5 . A maliciously crafted xAPI statement could trigger script or other tag injection in the LRS Statement Browser. The issue is patched in the listed versions; no public workarounds are...