CVE-2022-47131

CVE-2022-47131

CVSS 4.8 MEDIUMEPSS 0.4%CWE-352

A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.hackingforce.com.br/en/xss https://github.com/OpenXP-Research/CVE-2022-47131 https://portswigger.net/web-security/csrf https://portswigger.net/web-security/csrf/xss-vs-csrf https://www.linkedin.com/in/xvinicius/https://xpsec.co/blog/academy-lms-5-10-add-page-csrf-xss