CVE-2026-40457

Sažetak

A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.

Reference

https://cert.pl/posts/2026/06/CVE-2026-40455
https://github.com/chilek/lms/commit/9c5651b39bfd086cc34fc9a78ddaa8c0815af114
https://lms.org.pl/

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

22-06-2026 - 17:49

Objavljeno

18-06-2026 - 14:17