48 matches found
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system provided by the Bangladeshi company Creativeitem. Version 7.0 of Creativeitem Academy LMS contains a security vulnerability. This vulnerability stems from insufficient validation of the string parameters in the /academy/blogs endpoi...
PT-2026-5991
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whi...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting XSS vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-71179
CVE-2025-71179 affects Creativeitem Academy LMS 7.0 and describes reflected XSS vulnerabilities. Exploitable via the search parameter on /academy/blogs and the string parameter on /academy/course_bundles/search/query. The entry notes these flaws are distinct from the CVE-2023-4119 fix affecting /...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
EUVD-2025-34621
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56746
Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining session identifiers...
CVE-2025-56748
CVE-2025-56748 affects Creativeitem Academy LMS up to and including 5.13, with a vulnerability in password reset tokens that are predictable because they rely on Base64-encoded templates and lack rate limiting. This allows brute-force guessing of valid reset tokens and potential account compromis...
Creativeitem Academy LMS 安全漏洞
Creativeitem Academy LMS is an online learning management system from Creativeitem Bangladesh. A security vulnerability exists in Creativeitem Academy LMS version 5.13 and earlier, which stems from failure to regenerate the session ID after successful authentication, which could lead to a session...
CVE-2025-56748
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts...
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...