CVE Catalog

CVE-2023-3753

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

A vulnerability has been found in Creativeitem Mastery LMS version 1.2 that allows cross site scripting attacks through manipulation of an argument in the /browse file. The attack can be initiated remotely.

Risk Assessment

This vulnerability may lead to session hijacking and data theft. Organizations should be aware of the risks associated with this flaw being exploited by malicious actors.

Recommendation

It is recommended to update the system to the latest version to mitigate this vulnerability. Additionally, monitoring logs and implementing extra protections against XSS attacks is advised.

Original NVD description (English source)

A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS