CVE-2022-40288 An application was vulnerable to Stored XSS, which could be used to escalate privileges and compromise accounts that view user profile.
This XSS flaw was reported by Secunia and Cisco. The application was vulnerable to a session hijacking issue in the user registration form, which could
CVE-2022-42923 - Forma LMS 3.1. and Earlier – SQL Injection Exploit Walkthrough
Forma LMS is a popular open-source Learning Management System. But like many web applications, it has had its fair share of vulnerabilities. One significant issue
CVE-2022-41679 - Exploiting an XSS Vulnerability in Forma LMS via the "back_url" Parameter
Forma LMS is a popular open-source Learning Management System used by organizations worldwide to deliver online courses. Unfortunately, up to version 3.1., Forma LMS
CVE-2022-42925 - How Forma LMS Student Uploads Can Become a Remote Code Injection Nightmare
CVE-2022-42925 is a critical vulnerability that affects Forma LMS (Learning Management System) software, version 3.1. and earlier. At first glance, it may sound like
CVE-2022-41681 - Privilege Escalation & Remote Code Injection via SCORM Import in Forma LMS <= 3.1.
Forma LMS is a popular open-source Learning Management System used by educational institutions and organizations worldwide. On October 2022, a security flaw was discovered in
Episode
00:00:00
00:00:00