CVE-2020-36960

Publication date

2026-01-26 17:43:22

Family

VulnCheck

State

PUBLISHED

Description

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like to execute arbitrary JavaScript when the profile is viewed by other users.