Vulnerabilities > Formalms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-46693 Cross-site Scripting vulnerability in Formalms
Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters.
network
low complexity
formalms CWE-79
6.1
6.1
2022-10-31 CVE-2022-41679 Cross-site Scripting vulnerability in Formalms
Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function.
network
low complexity
formalms CWE-79
6.1
6.1
2022-10-31 CVE-2022-41680 SQL Injection vulnerability in Formalms
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability.
network
low complexity
formalms CWE-89
6.5
6.5
2022-10-31 CVE-2022-42924 SQL Injection vulnerability in Formalms
Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability.
network
low complexity
formalms CWE-89
6.5
6.5
2021-11-10 CVE-2021-43136 Use of Hard-coded Credentials vulnerability in Formalms
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.
network
formalms CWE-798
6.8
6.8
2020-10-08 CVE-2020-26802 Cross-Site Request Forgery (CSRF) vulnerability in Formalms 2.3.0.2
forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.
network
formalms CWE-352
6.8
6.8
2019-12-03 CVE-2019-5112 SQL Injection vulnerability in Formalms 2.2.1
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1.
network
low complexity
formalms CWE-89
6.5
6.5
2019-12-03 CVE-2019-5111 SQL Injection vulnerability in Formalms 2.2.1
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1.
network
low complexity
formalms CWE-89
6.5
6.5
2019-12-03 CVE-2019-5110 SQL Injection vulnerability in Formalms 2.2.1
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1.
network
low complexity
formalms CWE-89
6.5
6.5
2019-12-03 CVE-2019-5109 SQL Injection vulnerability in Formalms 2.2.1
Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1.
network
low complexity
formalms CWE-89
6.5
6.5