VYPR

Totara

by Totara

CVEs (3)

  • CVE-2026-31283 | Cri | Apr 13, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address, which can be used for an Email Bombing attack. NOTE: the Supplier's position is that the pwresettime configuration defaults to 30 minutes, the pwresettime…

  • CVE-2024-3931 | Low | Apr 18, 2024
    risk 0.23 | cvss 3.5 | epss 0.00

    A vulnerability was found in Totara LMS up to 18.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin/roles/check.php of the component User Selector. The manipulation of the argument ID Number leads to cross site scripting.…

  • CVE-2024-3932 | Low | Apr 18, 2024
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability classified as problematic has been found in Totara LMS up to 18.7. This affects an unknown part of the component User Selector. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The complexity of an attack is…