21 matches found
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system provided by the Bangladeshi company Creativeitem. Version 7.0 of Creativeitem Academy LMS contains a security vulnerability. This vulnerability stems from insufficient validation of the string parameters in the /academy/blogs endpoi...
PT-2026-5991
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whi...
CVE-2025-71179
CVE-2025-71179 affects Creativeitem Academy LMS 7.0 and describes reflected XSS vulnerabilities. Exploitable via the search parameter on /academy/blogs and the string parameter on /academy/course_bundles/search/query. The entry notes these flaws are distinct from the CVE-2023-4119 fix affecting /...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 6.14 and earlier, which stems from the use of a hard-coded default JWT key for token signing, which could lead to authentication bypas...
CVE-2025-56747
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...
CVE-2025-56747
Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...
EUVD-2023-44387
Malicious code in bioql PyPI...
CVE-2024-38959
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter...
CVE-2024-38959
CVE-2024-38959 is a cross-site scripting vulnerability in Creativeitem Academy LMS Learning Management System v6.8.1 . The issue affects the handling of a string parameter , enabling a remote attacker to execute arbitrary code and access sensitive information . The description across multiple tru...
CVE-2024-38959
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter...
CVE-2024-38959
Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter...
CVE-2023-3752
A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...
CVE-2023-3752
A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...
Cross site scripting
A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...
CVE-2023-3752 Creativeitem Academy LMS courses cross site scripting
A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...
CVE-2023-3752
CVE-2023-3752 describes a cross-site scripting vulnerability in Creativeitem Academy LMS 5.15. The issue arises from manipulating the sort_by parameter in the /home/courses functionality, enabling remote exploitation via the network. Affected component: the /home/courses logic within Creativeitem...
PT-2023-26007 · Unknown · Creativeitem Academy Lms
Name of the Vulnerable Software and Affected Versions: Creativeitem Academy LMS version 5.15 Description: A vulnerability was found in the software, affecting some unknown functionality of the file /home/courses. The manipulation of the sort by argument leads to cross-site scripting. The attack m...