CVE-2026-40457 - Vulnerability Details - OpenCVE

A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction Active

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://cert.pl/posts/2026/06/CVE-2026-40455
https://github.com/chilek/lms/commit/9c5651b39bfd086cc34fc9a78ddaa8c0815af114
https://lms.org.pl/

History

Thu, 18 Jun 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netremap.php" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.
Title		Reflected XSS in LMS
Weaknesses		CWE-79
References		https://cert.pl/posts/2026/06/CVE-2026-40455 https://github.com/chilek/lms/commit/9c5651b39bfd086cc34fc9a78ddaa8c0815af114 https://lms.org.pl/
Metrics		cvssV4_0 `{'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2026-06-18T10:58:53.193Z

Updated: 2026-06-18T12:29:09.151Z

Reserved: 2026-04-13T09:36:21.532Z

Link: CVE-2026-40457

Vulnrichment

Updated: 2026-06-18T12:29:05.206Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40457", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2026-04-13T09:36:21.532Z", "datePublished": "2026-06-18T10:58:53.193Z", "dateUpdated": "2026-06-18T12:29:09.151Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "LMS", "repo": "https://github.com/chilek/lms", "vendor": "LMS", "versions": [{"lessThan": "9c5651b", "status": "affected", "version": "0", "versionType": "git"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A network has to be defined in the system<br>"}], "value": "A network has to be defined in the system"}], "credits": [{"lang": "en", "type": "finder", "value": "Tymoteusz Dominik"}], "datePublic": "2026-06-18T10:58:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the \"dbrecover.php\" and \"netremap.php\" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.<br>"}], "value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System)\u00a0before commit 9c5651b in the \"dbrecover.php\" and \"netremap.php\" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 2.1, "baseSeverity": "LOW", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-06-18T10:58:53.193Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/chilek/lms/commit/9c5651b39bfd086cc34fc9a78ddaa8c0815af114"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2026/06/CVE-2026-40455"}, {"tags": ["product"], "url": "https://lms.org.pl/"}], "source": {"discovery": "EXTERNAL"}, "tags": ["x_open-source"], "title": "Reflected XSS in LMS", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-18T12:29:01.396723Z", "id": "CVE-2026-40457", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T12:29:09.151Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40457", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-18T12:29:01.396723Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-18T12:29:05.206Z"}}], "cna": {"tags": ["x_open-source"], "title": "Reflected XSS in LMS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Tymoteusz Dominik"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/chilek/lms", "vendor": "LMS", "product": "LMS", "versions": [{"status": "affected", "version": "0", "lessThan": "9c5651b", "versionType": "git"}], "defaultStatus": "unaffected"}], "datePublic": "2026-06-18T10:58:00.000Z", "references": [{"url": "https://github.com/chilek/lms/commit/9c5651b39bfd086cc34fc9a78ddaa8c0815af114", "tags": ["patch"]}, {"url": "https://cert.pl/posts/2026/06/CVE-2026-40455", "tags": ["third-party-advisory"]}, {"url": "https://lms.org.pl/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System)\u00a0before commit 9c5651b in the \"dbrecover.php\" and \"netremap.php\" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.", "supportingMedia": [{"type": "text/html", "value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the \"dbrecover.php\" and \"netremap.php\" modules where unsanitized GET parameters are directly embedded into HTML output. This allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided the required conditions (such as a network defined in the system) are met.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "configurations": [{"lang": "en", "value": "A network has to be defined in the system", "supportingMedia": [{"type": "text/html", "value": "A network has to be defined in the system<br>", "base64": false}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2026-06-18T10:58:53.193Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40457", "state": "PUBLISHED", "dateUpdated": "2026-06-18T12:29:09.151Z", "dateReserved": "2026-04-13T09:36:21.532Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2026-06-18T10:58:53.193Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.2"}