XSS in Lms
CVE-2026-40457
A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. Thi…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Lms — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (patch)
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)