CVE-2023-38964
published 2023-08-04CVE-2023-38964: Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
PriorityP333medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
1.06%
60.2th percentile
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| creativeitem | academy_lms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Academy LMS 6.0 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2023-38964 [MEDIUM] Academy LMS 6.0 - Cross-Site Scripting
Academy LMS 6.0 - Cross-Site Scripting
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
Template:
id: CVE-2023-38964
info:
name: Academy LMS 6.0 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Apply the latest security patches provided by the vendor to mitigate the XSS vulnerability in Creative Item Academy LMS 6.0.
r
2023-08-04
Published