Rocket LMS 1.9 Cross-Site Scripting Vulnerability
CVE-2024-34241

4.8MEDIUM

Key Information:

Vendor: Rocketsoft
Status: Rocket Lms
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-34241?

A cross-site scripting (XSS) vulnerability in Rocketsoft's Rocket LMS version 1.9 permits an administrator to embed a JavaScript payload via the admin web interface. This occurs during the creation of new courses and notifications, potentially enabling an attacker to execute malicious scripts in the context of a user’s session. Such vulnerabilities can lead to session hijacking, data theft, and disruption of service, necessitating immediate attention to mitigate associated risks.

References

https://grumpz.net/cve-2024-34241-a-step-by-step-discover...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024

CVE-2024-34241 Data

JSON