Cross-Site Scripting Vulnerability in Creative Item Academy LMS
CVE-2023-38964

6.1MEDIUM

Key Information:

Vendor: Creativeitem
Status: Academy Lms
Vendor: CVE Published:; 4 August 2023

🔔 Create Creativeitem Vulnerability Alert

What is CVE-2023-38964?

Creative Item Academy LMS version 6.0 contains a cross-site scripting (XSS) vulnerability, allowing attackers to inject malicious scripts into web pages viewed by users. This flaw can potentially compromise user data and session information, posing a significant risk to the security of the platform and its users.

References

https://vida03.gitbook.io/redteam/web/cve-2023-38964

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2023
Vulnerability Reserved
Jul 25, 2023