LAMS prior to 3.1 contains an unauthenticated reflected cross-site scripting (XSS) vulnerability that allows a remote malicious user to introduce arbitrary JavaScript by manipulating an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
Vulnerable Product |
---|
lamsfoundation lams |
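
A detection check for the issue described above, as an added example that is not part of the advisory or of LAMS code: it scans web access logs for requests to forgotPasswordChange.jsp whose `key` value is not a plain token. The token alphabet in `SAFE_KEY`, the `/lams/` path prefix and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate reset keys are short URL-safe tokens; adjust to the deployment.
SAFE_KEY = re.compile(r"[A-Za-z0-9_-]{1,128}")
# Request line as written in Common/Combined Log Format: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ENDPOINT = "forgotpasswordchange.jsp"


def suspicious_keys(log_lines):
    """Return (line_number, decoded_key) for requests whose key is not a plain token."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes values, so encoded markup is checked in decoded form.
        for key in parse_qs(target.query, keep_blank_values=True).get("key", []):
            if not SAFE_KEY.fullmatch(key):
                hits.append((number, key))
    return hits


# Constructed sample access-log lines (not taken from a real system).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /lams/forgotPasswordChange.jsp?key=3f9a1c7e-5b2d HTTP/1.1" 200 4312',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /lams/forgotPasswordChange.jsp?key=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 4390',
    '198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /lams/index.jsp?key=%3Cb%3E HTTP/1.1" 200 1020',
]

if __name__ == "__main__":
    for number, key in suspicious_keys(SAMPLE_LOG):
        print(f"line {number}: unexpected key value {key!r}")
```

A hit means the parameter carried something other than a token; whether it was reflected unencoded depends on the LAMS version serving the request.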