6 matches found
CVE-2025-65676
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...
CVE-2025-65675
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...
CVE-2025-65676
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...
PT-2025-48176
Name of the Vulnerable Software and Affected Versions Classroomio LMS version 0.1.13 Description An authenticated attacker can execute arbitrary code through crafted SVG cover images. The issue is a stored Cross Site Scripting XSS condition. Recommendations Update to a newer version that contains...
CVE-2025-65675
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...
CVE-2025-65675
The CVE-2025-65675 entry concerns Classroomio LMS 0.1.13, with a stored XSS vulnerability triggered by crafted SVG profile/cover images. The Red Hat, EUVD, NVD, and OSV records confirm the issue is an authenticated XSS that can execute arbitrary code via SVG uploads. The root cause is unsanitized...