CVE-2026-31281 Totara — Exploit & Vulnerability Details HIGH

CVE-2026-31281

HIGH CVSS 3.1: 8.0 EPSS 0.04%

Parameter	Value
CVSS	8.0 (HIGH)
Type	CWE-79 (Cross-Site Scripting (XSS))
Vendor	Totara
Public PoC	No

Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

References 2

https://github.com/saykino/CVE-2026-31281

cve@mitre.org

https://www.totara.com/

cve@mitre.org

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31282

Totara

9.8

Menu

CVE-2026-31281

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-31282

CVE Details

Editor's Choice

Menu

CVE-2026-31281

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-31282

CVE Details

Editor's Choice

Stay informed on cybersecurity