CVE-2023-6359

🗓️ 28 Nov 2023 12:01:33Reported by INCIBEType

cve🔗 web.nvd.nist.gov👁 27 Views🌐 WEB

A XSS vulnerability in Alumne LMS v4.0.0.1.08 allows session takeover

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of the e-learning platform Alumne LMS, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.	4 Dec 202300:00	–	bdu_fstec
Circl	CVE-2023-6359	30 Nov 202309:01	–	circl
CNNVD	Alumne LMS Cross-Site Scripting Vulnerability	28 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-6359 Cross-Site Scripting in Alumne LMS	28 Nov 202312:01	–	cvelist
EUVD	EUVD-2023-58600	3 Oct 202520:07	–	euvd
NVD	CVE-2023-6359	28 Nov 202312:15	–	nvd
OSV	CVE-2023-6359	28 Nov 202312:15	–	osv
Prion	Cross site scripting	28 Nov 202312:15	–	prion
Positive Technologies	PT-2023-7322 · Unknown · Alumne Lms	28 Nov 202300:00	–	ptsecurity

NVD

Vulners

Node

grupoalumne alumne_lmsMatch4.0.0.1.08

[
  {
    "defaultStatus": "unaffected",
    "product": "Alumne LMS",
    "vendor": "Grupo Alumne",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0.1.08"
      }
    ]
  }
]

Source	Link
incibe	www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-alumne-lms

Parameter	Position	Path	Description	CWE
localidad	request body	users/editmy	Cross-Site Scripting vulnerability due to unsanitised localidad field on /users/editmy, allowing injection of JavaScript payloads.	CWE-79

17 Jun 2026 06:50Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.4 - 6.1

EPSS0.00388

CWE-79