Back to search
CVE-2018-12090
Published: Jun 11, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://bugs.lamsfoundation.org/browse/LDEV-4600
x_refsource_CONFIRM
45153
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now