CNNVD-202601-5067 Information

CNNVD ID

CNNVD-202601-5067

Related CVE

CVE-2020-36998

• CNNVD Published: 2026-01-30

Description (Chinese)

forma.lms是个人开发者的一个开源的基于Web的在线学习平台。 forma.lms 2.3.0.2版本存在跨站脚本漏洞，该漏洞源于对课程代码、名称、描述字段和email参数输入清理不当，可能导致存储型跨站脚本攻击。

Description (English)

Forma.lms is an open-source Web-based online learning platform for individual developers. Forma.lms version 2.3.0.2 has a cross-site script loophole, which results from the inappropriate clean-up of course codes, names, descriptive fields and email parameters, which may lead to storage-type cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2026-01-30

Last Modified

2026-02-24

References

https://sourceforge.net/projects/forma/ https://sourceforge.net/projects/forma/files/latest/download https://www.exploit-db.com/exploits/48478 https://www.vulncheck.com/advisories/formalms-the-e-learning-suite-persistent-cross-site-scripting