Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
formalms formalms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5257
Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms prior to 1.2.1 p01 allow remote malicious users to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.p...
Formalms Formalms
9.8
CVSSv3
CVE-2022-27104
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
Formalms Formalms
6.1
CVSSv3
CVE-2022-41679
Forma LMS version 3.1.0 and previous versions are affected by an Cross-Site scripting vulnerability, that could allow a remote malicious user to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation o...
Formalms Formalms
6.5
CVSSv3
CVE-2022-41680
Forma LMS on its 3.1.0 version and previous versions is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'search[value] parameter in the appL...
Formalms Formalms
8.8
CVSSv3
CVE-2022-41681
There is a vulnerability on Forma LMS version 3.1.0 and previous versions that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SCORM importer feature. The exploitation of this vulnerability could lea...
Formalms Formalms
9.8
CVSSv3
CVE-2021-43136
An authentication bypass issue in FormaLMS <= 2.4.4 allows an malicious user to bypass the authentication mechanism and obtain a valid access to the platform.
Formalms Formalms
6.1
CVSSv3
CVE-2023-46693
Cross Site Scripting (XSS) vulnerability in FormaLMS prior to 4.0.5 allows malicious users to run arbitrary code via title parameters.
Formalms Formalms
8.8
CVSSv3
CVE-2022-42923
Forma LMS on its 3.1.0 version and previous versions is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'app...
Formalms Formalms
6.5
CVSSv3
CVE-2022-42924
Forma LMS on its 3.1.0 version and previous versions is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the &...
Formalms Formalms
8.8
CVSSv3
CVE-2022-42925
There is a vulnerability on Forma LMS version 3.1.0 and previous versions that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could le...
Formalms Formalms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »