Home / Vulnerability Intelligence / CVE-2026-31281

CVE-2026-31281 - Vulnerability Analysis

N/a

Last Updated: April 13, 2026

Totara LMS - Stored XSS

Published: April 13, 2026Updated: April 13, 2026PoC Available

Overview

Totara LMS <= 19.1.5 contains a stored XSS caused by improper sanitization of message input, letting attackers inject malicious HTML code to execute scripts on victim browsers, exploit requires sending crafted messages.

Severity & Score

Severity: N/a

Impact

Attackers can execute scripts in victim browsers, potentially hijacking sessions and executing commands.

Mitigation

Update to the latest version beyond 19.1.5.

References

https://github.com/saykino/CVE-2026-31281
https://www.totara.com/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31281
Severity: N/a
Type: stored_xss
Status: new

CVSS Metrics

N/A