Unknown · Com.Yetanalytics/Lrs · CVE-2024-26140
**Name of the Vulnerable Software and Affected Versions**
com.yetanalytics/lrs versions prior to 1.2.17
SQL LRS versions prior to 0.7.5
**Description**
A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. No known workarounds exist.
**Recommendations**
For com.yetanalytics/lrs versions prior to 1.2.17, update to version 1.2.17 to resolve the issue.
For SQL LRS versions prior to 0.7.5, update to version 0.7.5 to resolve the issue.