Vulnerabilities > Formalms > Formalms > 1.0

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-46693 Cross-site Scripting vulnerability in Formalms
Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.
network
low complexity
formalms CWE-79
6.1
2022-10-31 CVE-2022-41679 Cross-site Scripting vulnerability in Formalms
Forma LMS version 3.1.0 and earlier are affected by a cross-site scripting vulnerability that could allow a remote attacker to inject JavaScript code via the “back_url” parameter in the appLms/index.php?modname=faq&op=play function.
network
low complexity
formalms CWE-79
6.1
2022-10-31 CVE-2022-41680 SQL Injection vulnerability in Formalms
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection.
network
low complexity
formalms CWE-89
6.5
2022-10-31 CVE-2022-41681 Unrestricted Upload of File with Dangerous Type vulnerability in Formalms
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the SCORM importer feature.
network
low complexity
formalms CWE-434
8.8
2022-10-31 CVE-2022-42923 SQL Injection vulnerability in Formalms
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection.
network
low complexity
formalms CWE-89
8.8
2022-10-31 CVE-2022-42924 SQL Injection vulnerability in Formalms
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection.
network
low complexity
formalms CWE-89
6.5
2022-10-31 CVE-2022-42925 Unrestricted Upload of File with Dangerous Type vulnerability in Formalms
There is a vulnerability in Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to escalate privileges in order to upload a Zip file through the plugin upload component.
network
low complexity
formalms CWE-434
8.8
2022-04-19 CVE-2022-27104 SQL Injection vulnerability in Formalms
An unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.
network
low complexity
formalms CWE-89
7.5
2021-11-10 CVE-2021-43136 Use of Hard-coded Credentials vulnerability in Formalms
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain valid access to the platform.
network
formalms CWE-798
6.8
2014-11-06 CVE-2014-5257 Cross-Site Scripting vulnerability in Formalms
Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php.
network
formalms CWE-79
4.3