CVE-2020-36960 — Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like ' — CVE Database · The Intelligence Room