Browse all 7 CVE security advisories affecting Forma. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Forma is a web-based platform primarily used for marketing automation and customer engagement, enabling businesses to manage campaigns and analyze customer interactions. Historically, Forma has been vulnerable to several security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities, as evidenced by its seven recorded CVEs. The platform's security posture has been characterized by vulnerabilities in input validation and access control mechanisms. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly in handling user inputs and managing authentication processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-36998 | forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting — E-Learning Suite (CWE-79) | 6.4 | Medium | 2026-01-30 |
| CVE-2022-41679 | Cross-site scripting in Forma LMS version — Forma LMS (CWE-79) | 4.7 | Medium | 2022-10-31 |
| CVE-2022-42924 | SQL injection in Forma LMS — Forma LMS (CWE-89) | 7.6 | High | 2022-10-31 |
| CVE-2022-41681 | File Upload vulnerability in Forma LMS — Forma LMS (CWE-434) | 9.9 | Critical | 2022-10-31 |
| CVE-2022-41680 | SQL Injection in Forma LMS — Forma LMS (CWE-89) | 7.6 | High | 2022-10-31 |
| CVE-2022-42925 | Unrestricted Upload of File with Dangerous Type in Forma LMS — Forma LMS (CWE-434) | 9.9 | Critical | 2022-10-31 |
| CVE-2022-42923 | SQL injection in Forma LMS — Forma LMS (CWE-89) | 8.3 | High | 2022-10-31 |
This page lists every published CVE security advisory associated with Forma. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.