CVE Catalog
CVE-2025-65675
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.20%
10th percentile - higher than 10% of all known CVEs
Summary
A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.
Risk Assessment
An attacker can hijack user sessions, steal data, or spread malicious content within the LMS, compromising data confidentiality and integrity.
Recommendation
Immediately update Classroomio LMS to the latest version and implement validation and sanitization of uploaded SVG files to prevent script injection.
Original NVD description (English source)
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

