Forma LMS version 3.1.0 and previous versions are affected by an Cross-Site scripting vulnerability, that could allow a remote malicious user to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an malicious user to steal the user´s cookies in order to log in to the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
formalms formalms |