Lucene search
K

21 matches found

NVD
NVD
added 2026/02/03 6:16 p.m.11 views

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...

6.1CVSS0.00238EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

Creativeitem Academy LMS 安全漏洞

Creativeitem Academy LMS is an online learning management system provided by the Bangladeshi company Creativeitem. Version 7.0 of Creativeitem Academy LMS contains a security vulnerability. This vulnerability stems from insufficient validation of the string parameters in the /academy/blogs endpoi...

6.1CVSS5.6AI score0.00238EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.4 views

PT-2026-5991

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whi...

6.1CVSS5.2AI score0.0202EPSS
Exploits4References7
CVE
CVE
added 2026/02/03 12:0 a.m.11 views

CVE-2025-71179

CVE-2025-71179 affects Creativeitem Academy LMS 7.0 and describes reflected XSS vulnerabilities. Exploitable via the search parameter on /academy/blogs and the string parameter on /academy/course_bundles/search/query. The entry notes these flaws are distinct from the CVE-2023-4119 fix affecting /...

6.1CVSS5.3AI score0.00238EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/16 12:40 a.m.16 views

CVE-2025-56746

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...

2.2CVSS6.9AI score0.00156EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/15 12:0 a.m.8 views

CVE-2025-56746

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...

0.00156EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.3 views

Creativeitem Academy LMS 安全漏洞

Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 6.14 and earlier, which stems from the use of a hard-coded default JWT key for token signing, which could lead to authentication bypas...

9.4CVSS6.8AI score0.00451EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/14 12:0 a.m.3 views

CVE-2025-56747

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...

6.6AI score0.00263EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/10/14 12:0 a.m.7 views

CVE-2025-56747

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Apiinstructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management...

0.00263EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-44387

Malicious code in bioql PyPI...

6.1CVSS4.9AI score0.00312EPSS
Exploits0References2
OSV
OSV
added 2024/07/09 9:15 p.m.5 views

CVE-2024-38959

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter...

6.1CVSS6.1AI score0.00669EPSS
Exploits1References1
CVE
CVE
added 2024/07/09 12:0 a.m.48 views

CVE-2024-38959

CVE-2024-38959 is a cross-site scripting vulnerability in Creativeitem Academy LMS Learning Management System v6.8.1 . The issue affects the handling of a string parameter , enabling a remote attacker to execute arbitrary code and access sensitive information . The description across multiple tru...

6.1CVSS7.2AI score0.00669EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/09 12:0 a.m.11 views

CVE-2024-38959

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter...

7.1AI score0.00669EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/09 12:0 a.m.16 views

CVE-2024-38959

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter...

0.00669EPSS
Exploits1References1
OSV
OSV
added 2023/07/19 2:15 a.m.5 views

CVE-2023-3752

A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...

6.1CVSS3.8AI score
Exploits0References2
NVD
NVD
added 2023/07/19 2:15 a.m.19 views

CVE-2023-3752

A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...

6.1CVSS4.4AI score0.00312EPSS
Exploits0References2
Prion
Prion
added 2023/07/19 2:15 a.m.27 views

Cross site scripting

A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...

4CVSS5.9AI score0.00312EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/07/19 1:31 a.m.29 views

CVE-2023-3752 Creativeitem Academy LMS courses cross site scripting

A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sortby leads to cross site scripting. The attack may be launched remotely. VDB-234422 is t...

4CVSS6.2AI score0.00312EPSS
Exploits0References2
CVE
CVE
added 2023/07/19 1:31 a.m.51 views

CVE-2023-3752

CVE-2023-3752 describes a cross-site scripting vulnerability in Creativeitem Academy LMS 5.15. The issue arises from manipulating the sort_by parameter in the /home/courses functionality, enabling remote exploitation via the network. Affected component: the /home/courses logic within Creativeitem...

6.1CVSS4.7AI score0.00312EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/19 12:0 a.m.5 views

PT-2023-26007 · Unknown · Creativeitem Academy Lms

Name of the Vulnerable Software and Affected Versions: Creativeitem Academy LMS version 5.15 Description: A vulnerability was found in the software, affecting some unknown functionality of the file /home/courses. The manipulation of the sort by argument leads to cross-site scripting. The attack m...

6.1CVSS4.1AI score0.00312EPSS
Exploits0References6
Rows per page
Query Builder