# Exploit Title: Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting # Date: 04-12-2020# Exploit Author: Hemant Patidar (HemantSolo)# Vendor Homepage: https://www.formalms.org/download.html# Software Link: https://www.formalms.org/# Version: 2.3# Tested on: Windows 10/Kali Linux
Steps-To-Reproduce:1. Go to the Forma LMS and login to your account.2. Now go to the User Profile.3. Now Edit the profile.4. Put the below payload in first and last name:"<script>alert(document.cookie)</script>"5. Now click on Save button.6. The XSS will be triggered.
