HomePentest-Tools.com Logo

Academy Learning Management System <5.9.1 - Cross-Site Scripting CVE-2022-38553

Severity
CVSSv3 Score
6.1
Vulnerability description

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n

Risk description

No risk description to display.

Recommendation

Upgrade to Academy Learning Management System version 5.9.1 or later to mitigate the XSS vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Sep 26, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available