CVE Catalog

CVE-2025-65676

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

Risk Assessment

An attacker can steal user sessions, redirect users to malicious sites, or perform arbitrary actions on behalf of the victim, leading to data confidentiality and integrity breaches.

Recommendation

Immediately update Classroomio LMS to the latest version and implement validation and sanitization of uploaded SVG files to prevent script injection.

Original NVD description (English source)

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS