Описание
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '' to execute arbitrary JavaScript when the profile is viewed by other users.
EPSS
Процентиль: 9%
0.00032
Низкий
6.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.4
github
12 дней назад
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users.
EPSS
Процентиль: 9%
0.00032
Низкий
6.4 Medium
CVSS3
Дефекты
CWE-79