Description
A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.
Published: 2026-06-18
Score: 2.1 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A reflected Cross‑Site Scripting flaw exists in LMS (LAN Management System). Unsanitized GET parameters in the dbrecover.php and netremap.php modules are directly inserted into the HTML response, allowing an attacker to inject arbitrary JavaScript. When an authenticated user follows a crafted link that contains the vulnerable parameters, the injected script executes in that user’s browser session. The impact is that the attacker can execute JavaScript with the privileges of the logged‑in user within the interface, enabling actions such as phishing, data exfiltration, or further malicious activity in the client’s browser.

Affected Systems

Every LMS installation built prior to the code change commit 9c5651b is affected. The vulnerability applies to all instances of the product before this commit, regardless of the product version number. No other vendors or products are mentioned as impacted.

Risk and Exploitability

The CVSS score of 2.1 indicates a low‑severity flaw. EPSS information is unavailable and the vulnerability is not listed in CISA KEV, suggesting active exploitation is unlikely at this time. Exploitation requires social engineering to entice an authenticated user to click a malicious link containing the vulnerable parameters, and the presence of a defined network in the system. Because the attack relies on user interaction and a specific configuration, the likelihood of widespread attacks is reduced, though the damage to the individual user’s session remains significant if successful.

Generated by OpenCVE AI on June 18, 2026 at 19:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the commit 9c5651b, which sanitizes the GET parameters in dbrecover.php and netremap.php
  • If the patch is not immediately available, disable or restrict access to the dbrecover.php and netremap.php modules for users who do not require them
  • Implement input validation or a web application firewall to block unsanitized query strings that could be used for XSS
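The flaw class described above (CWE-79, a GET parameter concatenated straight into HTML) and the first recommended action (sanitize the reflected parameters) are illustrated by the following added PHP example. It is not code from LMS or from commit 9c5651b; the parameter names `net` and `msg` and the function names are hypothetical stand-ins for whatever the real modules read from `$_GET`. It shows the vulnerable pattern next to a hardened version that validates values of known shape and context-encodes everything else.

```php
<?php
// Added example, not LMS project code. Parameter names 'net' and 'msg' are
// hypothetical placeholders for the GET parameters reflected by
// dbrecover.php / netremap.php.

declare(strict_types=1);

// Vulnerable pattern (CWE-79): raw query-string values are concatenated into
// the HTML response, so any markup in the value is rendered as markup.
function render_unsafe(array $get): string
{
    $net = $get['net'] ?? '';
    $msg = $get['msg'] ?? '';
    return '<input type="hidden" name="net" value="' . $net . '">'
         . '<p class="status">' . $msg . '</p>';
}

// HTML-context encoder. ENT_QUOTES escapes both quote styles, so the value is
// safe inside a double- or single-quoted attribute as well as in text nodes;
// ENT_SUBSTITUTE replaces malformed UTF-8 instead of returning an empty
// string, which would otherwise hide an encoding failure.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: validate what has a known shape (a network id should be a
// positive integer) and reject anything else rather than trying to clean it;
// free-form text is encoded for the exact context it is written into.
function render_safe(array $get): string
{
    $net = filter_var(
        $get['net'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($net === false) {
        return '<p class="error">Invalid network id.</p>';
    }
    $msg = (string) ($get['msg'] ?? '');
    return '<input type="hidden" name="net" value="' . h((string) $net) . '">'
         . '<p class="status">' . h($msg) . '</p>';
}

// Constructed sample request: the 'msg' value closes the surrounding element
// and injects its own. It is deliberately harmless (an <em> tag), but it shows
// that the unsafe renderer emits it as markup while the safe one emits text.
$sample = ['net' => '7', 'msg' => '"><em>injected</em><p x="'];

echo "unsafe: ", render_unsafe($sample), PHP_EOL;
echo "safe:   ", render_safe($sample), PHP_EOL;

// A non-numeric network id is rejected outright instead of being reflected.
echo "bad id: ", render_safe(['net' => 'abc', 'msg' => 'x']), PHP_EOL;
```

Run it with `php example.php`. The "unsafe" line contains a literal `<em>` element, the "safe" line contains `&lt;em&gt;` and `&quot;` and therefore renders as plain text, and the third line shows the validation branch. Output encoding must match the context (here HTML attribute and HTML text); a value written into a JavaScript string or a URL needs a different encoder, which is why validating against an expected shape first removes most of the risk.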



Advisories

No advisories yet.

History

Thu, 18 Jun 2026 20:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Lms
                                       Lms lms
Vendors & Products                     Lms
                                       Lms lms

Thu, 18 Jun 2026 16:45:00 +0000

Type          Values Removed   Values Added
Description                    A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.
Title                          Reflected XSS in LMS
Weaknesses                     CWE-79
References
Metrics                        cvssV4_0
                               {'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}
                               ssvc
                               {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-06-18T12:29:09.151Z

Reserved: 2026-04-13T09:36:21.532Z

Link: CVE-2026-40457

Vulnrichment

Updated: 2026-06-18T12:29:05.206Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T20:00:15Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')