CVE-2026-31281
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Apr 13, 2026
Vendor
unknown
Description
Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.