CVE Catalog

CVE-2026-27404

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

An unauthenticated Cross Site Scripting (XSS) vulnerability exists in LMS version 9.7 and earlier. It allows a remote attacker to inject malicious scripts without authentication.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform other actions in the victim's browser context, leading to data confidentiality and integrity breaches.

Recommendation

Immediately upgrade LMS to a version later than 9.7 that includes the XSS fix. Additionally, implement input filtering and output encoding mechanisms.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS