CVE-2023-49829 — Cross-site Scripting in Tutor LMS Elearning AND Online Course Solution

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

CNA5.9

EPSS

0.1%

top 66.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Themeum Tutor LMS Elearning AND Online Course Solution Themeum Tutor LMS

Timeline

PublishedDec 15

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS – eLearning and online course solution allows Stored XSS.This issue affects Tutor LMS – eLearning and online course solution: from n/a through 2.2.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5themeum/tutor_lms_elearning_and_online_course_solutionn/a — 2.2.4

▶NVDthemeum/tutor_lms2.2.4

🔴Vulnerability Details

CVEList

WordPress Tutor LMS Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS)↗2023-12-15

▶

GHSA

GHSA-w864-g84v-8h25: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS – eLearning and online course↗2023-12-15

▶