CVE-2020-36998
forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
30 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, description fields, and email parameter to execute arbitrary JavaScript without proper input sanitization.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Affected products
forma · E-Learning SuiteWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →