Nikola Kojic

1 exploit Active since Jun 2018
CVE-2018-12090 EXPLOITDB MEDIUM text WORKING POC
LAMS < 3.1 - Unauthenticated Reflected Cross-Site Scripting via Forgot Password Key Parameter
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
CVSS 6.1