CVE-2023-3753
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
A vulnerability has been found in Creativeitem Mastery LMS version 1.2 that allows cross site scripting attacks through manipulation of an argument in the /browse file. The attack can be initiated remotely.
Risk Assessment
This vulnerability may lead to session hijacking and data theft. Organizations should be aware of the risks associated with this flaw being exploited by malicious actors.
Recommendation
It is recommended to update the system to the latest version to mitigate this vulnerability. Additionally, monitoring logs and implementing extra protections against XSS attacks is advised.
Original NVD description (English source)
A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

