CVE-2026-31281

HIGH

Totara LMS <=v19.1.5 - HTML Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-31281. PoCs published by saykino.

AI-analyzed exploit summary The repository describes an HTML injection vulnerability in Totara LMS's message box, allowing authenticated attackers to inject malicious code that executes in victims' browsers. The writeup includes technical details such as affected versions, attack type, and mitigation steps.

Description

Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.

Exploits (1)

nomisec WRITEUP

by saykino · poc

https://github.com/saykino/CVE-2026-31281

View Code ZIP pw:eip

The repository describes an HTML injection vulnerability in Totara LMS's message box, allowing authenticated attackers to inject malicious code that executes in victims' browsers. The writeup includes technical details such as affected versions, attack type, and mitigation steps.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Totara LMS versions <= 19.1.5

Auth required

Prerequisites: Authenticated access to Totara LMS

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Apr 13, 2026 Full analysis →

References (2)

Core 2

Core References

https://www.totara.com/

https://github.com/saykino/CVE-2026-31281

Scores

CVSS v3 8.0

EPSS 0.0030

EPSS Percentile 21.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Published Apr 13, 2026

Tracked Since Apr 13, 2026