6 matches found
CVE-2025-65676
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...
CVE-2025-65676
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...
CVE-2025-65675
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...
CVE-2025-65675
The CVE-2025-65675 entry concerns Classroomio LMS 0.1.13, with a stored XSS vulnerability triggered by crafted SVG profile/cover images. The Red Hat, EUVD, NVD, and OSV records confirm the issue is an authenticated XSS that can execute arbitrary code via SVG uploads. The root cause is unsanitized...
PT-2025-48176
Name of the Vulnerable Software and Affected Versions Classroomio LMS version 0.1.13 Description An authenticated attacker can execute arbitrary code through crafted SVG cover images. The issue is a stored Cross Site Scripting XSS condition. Recommendations Update to a newer version that contains...
CVE-2025-65675
Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures...