2 matches found
CVE-2025-56749
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account...
PT-2023-26706 · Unknown · Creativeitem Academy Lms
Name of the Vulnerable Software and Affected Versions: Creative Item Academy LMS version 6.0 Description: A cross-site scripting XSS issue was discovered. This type of issue allows attackers to inject malicious scripts into content from otherwise trusted websites. Recommendations: For Creative It...