CNNVD-202601-4369 Information

CNNVD ID

CNNVD-202601-4369

Related CVE

CVE-2020-36960

• CNNVD Published: 2026-01-26

Description (Chinese)

Forma LMS是意大利Forma公司的一个开源学习管理系统。 Forma LMS 2.3版本存在跨站脚本漏洞，该漏洞源于用户名字段存在存储型跨站脚本，可能导致执行任意JavaScript代码。

Description (English)

Forma LMS is an open-source learning management system for Forma, Italy. Forma LMS 2.3 has a cross-site script loophole, which stems from the existence of a stored cross-site script in the user ’ s name segment, which could lead to the implementation of any JavaScript code.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Forma

Published

2026-01-26

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/49197 https://www.formalms.org/ https://www.vulncheck.com/advisories/forma-lms-first-last-name-stored-cross-site-scripting

Patch

https://www.formalms.org/download.html