CVE-2022-38553

Опубликовано: 26 сент. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

Ссылки

http://academy.com
Product
https://codecanyon.net/item/academy-course-based-learning-management-system/22703468
Product
Third Party Advisory
https://demo.creativeitem.com/academy/home/
Product
https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E
https://github.com/4websecurity/CVE-2022-38553/blob/main/README.md
Exploit
Third Party Advisory
http://academy.com
Product
https://codecanyon.net/item/academy-course-based-learning-management-system/22703468
Product
Third Party Advisory
https://demo.creativeitem.com/academy/home/
Product
https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E
https://github.com/4websecurity/CVE-2022-38553/blob/main/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:creativeitem:academy_learning_management_system:*:*:*:*:*:*:*:*

Версия до 5.9.1 (исключая)

EPSS

Процентиль: 92%

0.07869

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-m5cg-qjmp-pw59