Rocketsoft Rocket Lms vulnerabilities
3 known vulnerabilities affecting rocketsoft/rocket_lms.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-34241P4MEDIUMCVSS 4.8PoCv1.92024-05-17
CVE-2024-34241 [MEDIUM] CWE-79 CVE-2024-34241: A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to s
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.
nvd
CVE-2021-47907P4MEDIUMCVSS 6.4v1.12026-05-10
CVE-2021-47907 [MEDIUM] CWE-79 CVE-2021-47907: Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browsers of other users viewing the message history, enabling
nvd
CVE-2023-3477P4MEDIUMCVSS 6.1v1.72023-06-30
CVE-2023-3477 [MEDIUM] CWE-79 CVE-2023-3477: A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vu
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is
nvd