cbcvebase.
CVE-2023-4119
published 2023-08-03

CVE-2023-4119: A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The…

PriorityP340medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
2.04%
78.7th percentile
A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected

9 ranges
VendorProductVersion rangeFixed in
creativeitemacademy_lms
creativeitemacademy_lms
linuxlinux_kernel>= 2.6.38 < 4.14.3274.14.327
linuxlinux_kernel>= 4.15.0 < 4.19.2844.19.284
linuxlinux_kernel>= 4.20.0 < 5.4.2445.4.244
linuxlinux_kernel>= 5.11.0 < 5.15.1135.15.113
linuxlinux_kernel>= 5.16.0 < 6.1.306.1.30
linuxlinux_kernel>= 5.5.0 < 5.10.1815.10.181
linuxlinux_kernel>= 6.2.0 < 6.3.46.3.4

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.