CVE-2020-36960

Name of the Vulnerable Software and Affected Versions Forma LMS version 2.3

Description A stored cross-site scripting issue exists that allows attackers to inject malicious scripts into the user profile first and last name fields. This enables the execution of arbitrary JavaScript when other users view the affected profile.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.