Vulnerabilities > Formalms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-46693 Cross-site Scripting vulnerability in Formalms
Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.
network
low complexity
formalms CWE-79
6.1
6.1
2022-10-31 CVE-2022-41679 Cross-site Scripting vulnerability in Formalms
Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function.
network
low complexity
formalms CWE-79
6.1
6.1
2022-10-31 CVE-2022-41680 SQL Injection vulnerability in Formalms
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability.
network
low complexity
formalms CWE-89
6.5
6.5
2022-10-31 CVE-2022-42924 SQL Injection vulnerability in Formalms
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability.
network
low complexity
formalms CWE-89
6.5
6.5