header-logo
Suggest Exploit
vendor:
The E-Learning Suite
by:
Daniel Ortiz
N/A
CVSS
HIGH
Persistent Cross-Site Scripting
79
CWE
Product Name: The E-Learning Suite
Affected Version From: 2.3.0.2
Affected Version To: 2.3.0.2
Patch Exists: NO
Related CWE:
CPE: a:forma.lms:e-learning_suite:2.3.0.2
Metasploit:
Other Scripts:
Platforms Tested: XAMPP for Linux 64bit 5.6.40-0
2020

forma.lms The E-Learning Suite 2.3.0.2 – Persistent Cross-Site Scripting

The forma.lms software version 2.3.0.2 is vulnerable to persistent cross-site scripting. The 'course_code', 'course_name', 'course_box_descr', and 'course_descr' parameters in the Course Module and the 'Email' parameter in the Profile Module are vulnerable to XSS attacks. An attacker can inject malicious scripts through these parameters and execute arbitrary code on the victim's browser.

Mitigation:

To mitigate this vulnerability, the vendor should implement proper input validation and encoding for the affected parameters. Users are advised to update to the latest version of the software.
Source

Exploit-DB raw data:

# Exploit Title: forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting 
# Date: 2020-05-15
# Exploit Author: Daniel Ortiz
# Vendor Homepage: https://sourceforge.net/projects/forma/
# Software link: https://sourceforge.net/projects/forma/files/latest/download
# Tested on:  XAMPP for Linux 64bit 5.6.40-0



## 1 -Course Module
- Vulnerable parameter: course_code, course_name, course_box_descr, course_descr
- Payload: <SCRIPT>alert('XSS');</SCRIPT>
- Details: There is no control or security mechanism on this field. Specials characters are not encoded or filtered.
- Privileges: It requires admin.
- Location: Admin Area > E-learning > Courses > Courses > Edit Course
- Endopoint: /formalms/appCore/index.php?r=alms/course/modcourse


## 1 -Profile Module
- Vulnerable parameter: Email
- Payload: <div>jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */onmouseover=alert('xss') )//%0D%0A%0D%0A//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e</div>
- Details: There is some control on this field but can bypassed.
- Privileges: Do not requires admin or student account.
- Location: My Profile > Edit > Put the payload in Email field.
- Endpoint: /formalms/appLms/index.php?r=lms/profile/show&ap=saveinfo