CVE-2022-47131
https://notcve.org/view.php?id=CVE-2022-47131
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. • https://blog.hackingforce.com.br/en/xss https://portswigger.net/web-security/csrf https://portswigger.net/web-security/csrf/xss-vs-csrf https://www.linkedin.com/in/xvinicius https://xpsec.co/blog/academy-lms-5-10-add-page-csrf-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-47132
https://notcve.org/view.php?id=CVE-2022-47132
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. • https://portswigger.net/web-security/csrf https://www.linkedin.com/in/xvinicius https://xpsec.co/blog/academy-lms-5-10-add-admin-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2022-38553
https://notcve.org/view.php?id=CVE-2022-38553
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter. • https://github.com/4websecurity/CVE-2022-38553 http://academy.com https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 https://demo.creativeitem.com/academy/home https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E https://github.com/4websecurity/CVE-2022-38553/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-29380
https://notcve.org/view.php?id=CVE-2022-29380
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. • https://www.exploit-db.com/exploits/49298 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-22273
https://notcve.org/view.php?id=CVE-2020-22273
Neoflex Video Subscription System Version 2.0 is affected by CSRF, which allows the website's settings (such as Payment Settings) to be changed. • https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22273.pdf https://uploadboy.com/v630a7smyykc/539/mp4 • CWE-352: Cross-Site Request Forgery (CSRF) •