CVE Catalog
CVE-2026-27404
HighCVSS 7.1Summary
An unauthenticated Cross Site Scripting (XSS) vulnerability exists in LMS version 9.7 and earlier. It allows a remote attacker to inject malicious scripts without authentication.
Risk Assessment
An attacker can steal user sessions, redirect users to malicious sites, or perform other actions in the victim's browser context, leading to data confidentiality and integrity breaches.
Recommendation
Immediately upgrade LMS to a version later than 9.7 that includes the XSS fix. Additionally, implement input filtering and output encoding mechanisms.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in LMS <= 9.7 versions.

