121 matches found
Academy Learning Management System <5.9.1 - Cross-Site Scripting
Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
Academy LMS 6.2 - Cross-Site Scripting
A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...
Academy LMS 6.2 - SQL Injection
A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument pricemin/pricemax leads to sql injection. The attack may be...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
PT-2026-5991
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whi...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system provided by the Bangladeshi company Creativeitem. Version 7.0 of Creativeitem Academy LMS contains a security vulnerability. This vulnerability stems from insufficient validation of the string parameters in the /academy/blogs endpoi...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-71179
CVE-2025-71179 affects Creativeitem Academy LMS 7.0 and describes reflected XSS vulnerabilities. Exploitable via the search parameter on /academy/blogs and the string parameter on /academy/course_bundles/search/query. The entry notes these flaws are distinct from the CVE-2023-4119 fix affecting /...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
EUVD-2025-34621
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from the use of predictable Base64 encoded password reset tokens without rate limiting, which could lead...