Filtered by vendor Ltgplc
Subscriptions
Filtered by product Rustici Software Scorm Engine
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2035 | 1 Ltgplc | 1 Rustici Software Scorm Engine | 2024-08-03 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. | ||||
Page 1 of 1.