| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| | | Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account. | 9.4 | Critical |
| | | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 | Medium |
| | | A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross-site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | Medium |