VYPR
Medium severity4.7NVD Advisory· Published Oct 31, 2022· Updated Jun 17, 2026

CVE-2022-41679

CVE-2022-41679

Description

Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user´s cookies in order to log in to the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Forma/Formalmsllm-fuzzy2 versions
    <=3.1.0+ 1 more
    • (no CPE)range: <=3.1.0
    • (no CPE)range: 3.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.