Lucene search

K
exploitdbVinicius AlvesEDB-ID:49298
HistoryDec 21, 2020 - 12:00 a.m.

Academy-LMS 4.3 - Stored XSS

2020-12-2100:00:00
Vinicius Alves
www.exploit-db.com
163

7.4 High

AI Score

Confidence

Low

# Exploit Title: Academy-LMS 4.3 - Stored XSS
# Date: 19/12/2020
# Vendor page: https://academy-lms.com/
# Version: 4.3
# Tested on Win10 and Google Chrome
# Exploit Author: Vinicius Alves

# XSS Payload: </script><svg onload=alert();>

1) Access LMS and log in to admin panel
2) Access courses page
3) Open course manager and SEO menu
4) Paste the XSS Payload tag and Submit
5) Access the course page on frontend
6) Trigged!

7.4 High

AI Score

Confidence

Low