Unknown · Forma.Lms The E-Learning Suite · CVE-2020-36998
**Name of the Vulnerable Software and Affected Versions**
Forma.lms The E-Learning Suite version 2.3.0.2
**Description**
Forma.lms The E-Learning Suite version 2.3.0.2 contains a persistent cross-site scripting issue in multiple course and profile parameters. Attackers can inject malicious scripts into course code, name, description fields, and the email parameter, leading to the execution of arbitrary JavaScript due to a lack of proper input sanitization.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.