4 results (0.009 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2022-47132

https://notcve.org/view.php?id=CVE-2022-47132

03 Feb 2023 — A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. • https://github.com/OpenXP-Research/CVE-2022-47132 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-47131

https://notcve.org/view.php?id=CVE-2022-47131

03 Feb 2023 — A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. • https://github.com/OpenXP-Research/CVE-2022-47131 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-47130

https://notcve.org/view.php?id=CVE-2022-47130

03 Feb 2023 — A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. • https://github.com/OpenXP-Research/CVE-2022-47130 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2

CVE-2022-29380

https://notcve.org/view.php?id=CVE-2022-29380

25 May 2022 — Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. Se ha detectado que Academy-LMS versión v4.3, contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenada en el panel SEO • https://github.com/OpenXP-Research/CVE-2022-29380 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •