CVE-2022-38553
published 2022-09-26CVE-2022-38553: Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
PriorityP336medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
2.25%
80.7th percentile
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creativeitem | academy_learning_management_system | < 5.9.1 | 5.9.1 |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Academy Learning Management System <5.9.1 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-38553 [MEDIUM] Academy Learning Management System <5.9.1 - Cross-Site Scripting
Academy Learning Management System alert(document.domain)'
- 'Study any topic'
condition: and
- type: word
part: header
words:
- 'text/html'
- type: status
status:
- 200
# digest: 4a0a0047304502205cf0a5f5aa3d1d77a548e9f1736f7ad85f5fbfa7190d603db2bd4315d06b6923022100a94c509924ffd5f413fcc5506ff9effb5fb0b0ce6e378d8357eb04c15387104b:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
http://academy.comhttps://codecanyon.net/item/academy-course-based-learning-management-system/22703468https://demo.creativeitem.com/academy/home/https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3Ehttps://github.com/4websecurity/CVE-2022-38553/blob/main/README.mdhttp://academy.comhttps://codecanyon.net/item/academy-course-based-learning-management-system/22703468https://demo.creativeitem.com/academy/home/https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3Ehttps://github.com/4websecurity/CVE-2022-38553/blob/main/README.md
2022-09-26
Published