CVE-2023-3477
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A vulnerability was found in RocketSoft Rocket LMS 1.7 affecting unknown code in the /contact/store file of the Contact Form component. Manipulation of the arguments name/subject/message leads to cross site scripting.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.
Recommendation
It is recommended to update to the latest version of RocketSoft Rocket LMS and implement input data filtering in the contact form.
Original NVD description (English source)
A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.

