Cross-site scripting in Forma LMS version
CVE-2022-41679

4.7MEDIUM

Key Information:

Vendor: Forma
Status: Forma Lms
Vendor: CVE Published:; 31 October 2022

What is CVE-2022-41679?

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user´s cookies in order to log in to the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Forma LMS 3.0.1 <= 3.1.0

References

https://www.incibe-cert.es/en/early-warning/security-advi...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 31, 2022
Vulnerability Reserved
Sep 28, 2022

Credit

Tin Pham aka 'TF1T'

JSON

Forma