PT-2026-5413 · Unknown · Forma.Lms The E-Learning Suite

Daniel Ortiz

Publicado

2026-01-30

Atualizado

2026-01-30

CVE-2020-36998

CVSS v3.1

6.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Forma.lms The E-Learning Suite version 2.3.0.2

Description Forma.lms The E-Learning Suite version 2.3.0.2 contains a persistent cross-site scripting issue in multiple course and profile parameters. Attackers can inject malicious scripts into course code, name, description fields, and the email parameter, leading to the execution of arbitrary JavaScript due to a lack of proper input sanitization.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2020-36998

Produtos afetados

Forma.Lms The E-Learning Suite

PT-2026-5413 · Unknown · Forma.Lms The E-Learning Suite

CVE-2020-36998

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6