CVE-2023-46693: Forma LMS 4.0.5

Login Form

LATEST RELEASE

****Forma LMS 4.0.5****

This is the latest stable release, only available to Association Members and Contributors.
Read below the detailed list of changes and improvements

Log-in as a member or contributor to download

Free Download

Forma LMS 3.3.17

Public stable release, available for everyone to download.
Become a member to get the latest release and benefit of lots of new features and improvements

This is a maintenance release featuring a few minor bugs and accessibility improvements, and addressing some security vulnerabilities.
Thanks to Dell’Orco Antonio for Deloitte Risk Advisory Italy for reporting!

Changelog:

- # - fix report and sms manager
- # - fix groupmanagement acl
- # - fix static function call
- # - fix mailer and advanced search
- # - #20179 - SQL injection vulnerability in appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata - CVE-2022-42924
- # - #20070 - Vulnerability - SQL Injection in adm/mediagallery/delete - CVE-2022-42923
- # - #20069 - Vulnerability - XSS in appLms/index.php?modname=faq&op=play - CVE-2022-41679
- # - #20177 - Vulnerability reflected-XSS in the title of discussions in the course forums - CVE-2023-46693
- # - #20178 - Vulnerability reflected-XSS in management of educational objects, through the FAQ title - CVE-2023-46693
- # - #20176 - Vulnerability reflected-XSS in the title parameter of the course advice - CVE-2023-46693
- # - fix typo in smtp password property handler
- # - fix lib.subscribe.php exception
- # - update composer libraries
- # - fix track object static properties definition and usage.
- # - fix typo in advice
- # - fix course end date when course_date is null
- # - fix soaplms adding not defined class properties
- # - fix system status check screen
- # - Fix learning object visibility for students.
- # - add migration to reset from 0000-00-00 00:00:00 to null learning object visibility.
- # - update readme
- # - #20174: fixed navigation with keyboard inside course’s LOs, sized some fonts to 12px
- # - remove canRelExceptional function
- # - Upgraded template version number
- # - #20173: added highlight on focus of LO items
- # - add not assigned option in folder template and required domain and title in admindomain
- # - reverted back tinymce component
- # - Fixed issues related to classroom courses in calendar widget; improved accessibility for course date classroom courses popup.
- # - fix mod template in node selectors

Looking for SUPPORT?

forma.lms is a beautiful piece of software, with lots of features and configuration options, but for this same reason
you may need some help, or need some custom development, or maybe you could stumble into some small bug

In these cases, you have two choices:

Join the community forum for
FREE SUPPORT
The community forum is very active, with 4000+ members and over 12.000 messages.
Just get in and see what happens (but please remember people here are volunteering, so always be patient and polite)

Ask the Forma Partners for
PROFESSIONAL SUPPORT
The project founders and developers can provide professional services to support your adventure with Forma LMS.
If you are in a hurry or need an easy solution for a complex situation, well these are the guys you were looking for!