2 matches found
CVE-2024-34241
Summary: CVE-2024-34241 describes a stored XSS in Rocketsoft Rocket LMS 1.9. An administrator can inject a JavaScript payload through the admin web interface when creating new courses or course notifications, enabling script execution in the context of other users. Affected product: Rocketsoft Ro...
CVE-2023-3477
The CVE-2023-3477 issue affects RocketSoft Rocket LMS 1.7, specifically the Contact Form component at /contact/store. The root cause described across connected docs is that the name/subject/message parameters can be manipulated to trigger cross-site scripting, with remote initiation. Several sour...