Forma LMS 2.3 Cross Site Scripting

Forma LMS version 2.3 suffers from a persistent cross site scripting vulnerability.

MD5 | 3206309649992f7fa224bfd2e0f96d17

# Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting 
# Date: 04-12-2020
# Exploit Author: Hemant Patidar (HemantSolo)
# Vendor Homepage:
# Software Link:
# Version: 2.3
# Tested on: Windows 10/Kali Linux

1. Go to the Forma LMS and login to your account.
2. Now go to the User Profile.
3. Now Edit the profile.
4. Put the below payload in first and last name:
5. Now click on Save button.
6. The XSS will be triggered.

Related Posts