PT-2026-5413 · Unknown · Forma.Lms The E-Learning Suite
Daniel Ortiz
·
Published
2026-01-30
·
Updated
2026-01-30
·
CVE-2020-36998
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Forma.lms The E-Learning Suite version 2.3.0.2
Description
Forma.lms The E-Learning Suite version 2.3.0.2 contains a persistent cross-site scripting issue in multiple course and profile parameters. Attackers can inject malicious scripts into course code, name, description fields, and the email parameter, leading to the execution of arbitrary JavaScript due to a lack of proper input sanitization.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Forma.Lms The E-Learning Suite