MEDIUM
Lms
CVE published 2026-05-10
CVE-2021-47907
CVE-2021-47907 describes a persistent cross-site scripting issue in the Rocket LMS 1.1 support ticket module. An authenticated user can inject HTML/JavaScript through the title parameter, and the payload may execute when other users view the ticket history. The supplied description ties the issue to common XSS impacts such as session hijacking and phishing, so this is primarily a user-facing data integrit [truncated]