Formalms

Formalms

17 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-26744

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 00:00:00
  • Zuletzt bearbeitet 26.02.2026 02:48:23

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthentic...

6.4

CVE-2020-36960

Exploit
  • EPSS 0.04%
  • Veröffentlicht 26.01.2026 17:43:22
  • Zuletzt bearbeitet 27.01.2026 14:59:34

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute a...

6.1

CVE-2023-46693

  • EPSS 0.18%
  • Veröffentlicht 07.12.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 08:29:05

Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.

6.1

CVE-2022-41679

  • EPSS 0.19%
  • Veröffentlicht 31.10.2022 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:23:37

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of ...

8.8

CVE-2022-42925

  • EPSS 0.71%
  • Veröffentlicht 31.10.2022 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:25:36

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vu...

6.5

CVE-2022-42924

  • EPSS 0.31%
  • Veröffentlicht 31.10.2022 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:25:36

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' paramete...

8.8

CVE-2022-42923

  • EPSS 0.23%
  • Veröffentlicht 31.10.2022 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:25:36

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the...

8.8

CVE-2022-41681

  • EPSS 0.71%
  • Veröffentlicht 31.10.2022 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:23:37

There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vul...

6.5

CVE-2022-41680

  • EPSS 0.12%
  • Veröffentlicht 31.10.2022 20:15:13
  • Zuletzt bearbeitet 21.11.2024 07:23:37

Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parame...

9.8

CVE-2022-27104

  • EPSS 1%
  • Veröffentlicht 19.04.2022 17:15:11
  • Zuletzt bearbeitet 21.11.2024 06:55:08

An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.