A vulnerability marked as problematic has been reported in epoupon lms up to 3.76.0 . Affected by this issue is the function TextFormat::UnsafeXHTML of the file src/lms/ui/Utils.cpp of the component Web Interface . Performing a manipulation results in cross site scripting. This vulnerability is known as CVE-2026-48559 . Remote exploitation of the attack is possible. No exploit is available.