PT-2026-32358 · Totara · Totara LMS
Saykino · Published 2026-04-13 · Updated 2026-04-13 · CVE-2026-31281
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Totara LMS versions prior to 19.1.6
Description
An issue exists where an attacker can inject malicious HTML code into a message and send it to all users within the application. This can lead to the execution of the code in the victim's browser, potentially resulting in session hijacking and the execution of commands.
Recommendations
Update to a version newer than 19.1.5.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Totara LMS