Classroomio LMS 0.1.13 Cross Site Scripting

Published: 25 Nov 2025 00:00:00 | Reported by: Rivek Raj Tamang | Type: packetstorm | Source: packetstorm.news | 125 Views

Stored XSS in ClassroomIO LMS 0.1.13 allows authenticated users to upload SVG course covers and profile pictures containing script that executes when the stored image is opened directly in the browser.

Related

| Family | Title | Published |
| --- | --- | --- |
| Circl | CVE-2025-65675 | 24 Nov 2025 21:00 |
| Circl | CVE-2025-65676 | 24 Nov 2025 16:42 |
| CNNVD | ClassroomIO.com security vulnerability | 26 Nov 2025 00:00 |
| CNNVD | ClassroomIO.com security vulnerability | 26 Nov 2025 00:00 |
| CVE | CVE-2025-65675 | 26 Nov 2025 00:00 |
| CVE | CVE-2025-65676 | 26 Nov 2025 00:00 |
| Cvelist | CVE-2025-65675 | 26 Nov 2025 00:00 |
| Cvelist | CVE-2025-65676 | 26 Nov 2025 00:00 |
| EUVD | EUVD-2025-199749 | 26 Nov 2025 21:31 |
| EUVD | EUVD-2025-199751 | 26 Nov 2025 21:31 |
# CVE-2025-65676

Stored Cross-Site Scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary JavaScript via crafted SVG course cover images. Discovered by Rivek Raj Tamang (RivuDon), Sikkim, India.

**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**

## Vulnerability Details
Stored Cross-Site Scripting

# Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, where the application accepts course cover image uploads without validating or sanitizing their content. An authenticated attacker can upload a malicious SVG file containing embedded JavaScript, which the application stores and serves back unchanged. Browsers do not run scripts inside an SVG rendered through an `<img>` tag; the payload fires when the stored file is opened directly as a document, which is exactly what the reproduction steps below do by opening the image URL in a new tab. Because the script then executes in the origin that serves the upload, which the reporter observed to be the application's trusted domain, this flaw can lead to session hijacking, account takeover, redirection attacks, or further exploitation within the platform.

## Steps to Reproduce

1. Log in and go to an existing course, or create one.

2. Click on the landing page.

3. Click on Header > Replace image cover.

4. Select the XSS SVG file and click Upload.

5. Wait for it to save, then refresh the page.

<img width="1919" height="858" alt="image" src="https://github.com/user-attachments/assets/40c1eaee-439c-4cd8-9b7c-d2ea1b9d4ba9" />

6. Right-click the course cover image and open it in a new tab.

7. Note the stored XSS payload firing.

<img width="701" height="361" alt="image" src="https://github.com/user-attachments/assets/ef9b4d7d-627e-403b-9e45-6ae7417f7c11" />


# Acknowledgement

This vulnerability was discovered and responsibly reported by:

**Rivek Raj Tamang (RivuDon) from Sikkim, India**

https://www.linkedin.com/in/rivektamang/

https://rivudon.medium.com/


------------------------


# CVE-2025-65675

Stored Cross-Site Scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary JavaScript via crafted SVG profile pictures. Discovered by Rivek Raj Tamang (RivuDon), Sikkim, India.

**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**

## Vulnerability Details
Stored Cross-Site Scripting

# Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, where the application accepts SVG profile image uploads without validating or sanitizing their content. An authenticated attacker can upload a malicious SVG file containing embedded JavaScript, which the application stores and serves back unchanged. As with the course cover, the script runs when the stored SVG is opened directly in the browser (step 6 below), not while it is rendered through an `<img>` tag. Because the payload then executes in the application's trusted domain, this flaw can lead to session hijacking, account takeover, redirection attacks, or further exploitation within the platform.

## Steps to Reproduce

1. Log in and go to profile settings.

2. Click on Upload image.

3. Select the XSS SVG file and click Upload.

4. Wait for it to save.

<img width="1564" height="700" alt="image" src="https://github.com/user-attachments/assets/46dffab6-bc8c-45c4-ac4e-945f1aef01c4" />


5. Right-click the profile picture and open it in a new tab.

6. Note the stored XSS payload firing.

<img width="576" height="298" alt="image" src="https://github.com/user-attachments/assets/4dbcfecd-a565-4e9b-aba3-304f09246b17" />
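Both reproduction procedures above rely on the same weakness: the upload handler stores whatever bytes arrive under an image name, and an SVG is an XML document that can carry script. The following Python script is an added example, not part of the advisory or of the ClassroomIO project, showing what a script-bearing SVG of this kind looks like and how an upload handler could reject it before storage. It parses the file as XML with the standard library and flags the constructs that execute when the file is opened as a document: `<script>` and `<foreignObject>`-style elements, `on*` event-handler attributes, `javascript:`/`data:` URLs in `href`, and DOCTYPE/entity or stylesheet declarations that could smuggle content past the element walk. The two sample SVGs are constructed for this example (they are not the reporter's PoC file), and the function names and forbidden-element list are this example's own choices.

```python
"""Flag script-bearing SVG uploads, the bug class behind CVE-2025-65675/65676.

Added example, not ClassroomIO project code. The sample SVGs below are
constructed for this example and are not the reporter's PoC file.
"""
import re
import xml.etree.ElementTree as ET

# Constructed malicious upload: three independent ways an SVG can run script
# once the file is opened directly in the browser (as in step 6 above).
MALICIOUS_SVG = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="100" height="100" onload="alert(document.domain)">
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><rect width="100" height="100"/></a>
</svg>"""

# Constructed benign upload: a plain vector shape with no scriptable content.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
  <circle cx="50" cy="50" r="40" fill="#4b8"/>
</svg>"""

# Element names (namespace stripped, lower-cased) that execute script or embed
# arbitrary HTML inside an SVG document. This list is the example's own choice.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object", "handler"}
# URL-bearing attributes; these schemes execute or smuggle content.
URL_ATTRIBUTES = {"href", "src"}
DANGEROUS_SCHEMES = ("javascript:", "vbscript:", "data:")


def _local(qname: str) -> str:
    """Strip ElementTree's Clark-notation namespace: '{uri}tag' -> 'tag'."""
    return qname.rsplit("}", 1)[-1].lower()


def svg_findings(data: bytes) -> list[str]:
    """Return the reasons an upload is unsafe; an empty list means clean."""
    findings: list[str] = []
    text = data.decode("utf-8", errors="replace")
    # DOCTYPE/ENTITY declarations and stylesheet PIs can smuggle content past
    # the element walk below (ElementTree drops PIs), so refuse them up front.
    if re.search(r"<!DOCTYPE|<!ENTITY", text, re.IGNORECASE):
        findings.append("doctype/entity declaration")
    if re.search(r"<\?xml-stylesheet", text, re.IGNORECASE):
        findings.append("xml-stylesheet processing instruction")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # A browser might still recover something from malformed input; reject.
        return findings + [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag in FORBIDDEN_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append(f"<{tag}> has event handler attribute {name}")
            elif name in URL_ATTRIBUTES:
                # Browsers tolerate whitespace inside the scheme, so strip it first.
                scheme = re.sub(r"\s", "", value).lower()
                if scheme.startswith(DANGEROUS_SCHEMES):
                    findings.append(f"<{tag}> {name} uses {scheme.split(':', 1)[0]}: URL")
    return findings


def is_safe_svg(data: bytes) -> bool:
    """Decision an upload handler would make before writing the file to storage."""
    return not svg_findings(data)


if __name__ == "__main__":
    for label, sample in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, "->", svg_findings(sample) or "clean")
```

Rejecting (or rasterising to PNG) the upload is the primary fix. Defence in depth for files that must stay SVG is to serve user uploads from a separate origin, or with `Content-Disposition: attachment`, so that a file opened directly as in step 6 never runs in the application's origin; a blocklist like the one above will always lag the browser's feature set, so it should not be the only control.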
    
    
# Acknowledgement

This vulnerability was discovered and responsibly reported by:

**Rivek Raj Tamang (RivuDon) from Sikkim, India**

https://www.linkedin.com/in/rivektamang/

https://rivudon.medium.com/

Published: 25 Nov 2025 00:00 (current)
Vulners AI Score: 6.6 (Medium risk)
CVSS 3.1: 5.4
EPSS: 0.00039
Views: 125