A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the 'dbrecover.php' and 'netremap.php' modules. The vulnerability allows an attacker to inject arbitrary JavaScript when an authenticated user clicks a crafted link, provided certain conditions are met. The CVSS score for this vulnerability is 2.1, indicating low severity. This issue was p [truncated]
CVE-2026-40456 is a HIGH-severity OS Command Injection vulnerability in LMS (LAN Management System) before commit 9fcb4de. The vulnerability allows attackers to execute arbitrary operating system commands due to improper validation of an IP address parameter passed to the 'exec()' function. This issue was published on June 18, 2026, and has a CVSS score of 8.6. Organizations using LMS should review their [truncated]
CVE-2021-47907 describes a persistent cross-site scripting issue in the Rocket LMS 1.1 support ticket module. An authenticated user can inject HTML/JavaScript through the title parameter, and the payload may execute when other users view the ticket history. The supplied description ties the issue to common XSS impacts such as session hijacking and phishing, so this is primarily a user-facing data integrit [truncated]