Vulnerability Details CVE-2023-34831
The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.2%
CVSS Severity
CVSS v3 Score 5.4
References
- https://github.com/IthacaLabs/Turnitin/blob/main/Turnitin_LTI_1.3_HTMLi_CVE-2023-34831/Turnitin_LTI_1.3_HTMLi_CVE-2023-34831.txt
- https://github.com/IthacaLabs/Turnitin/blob/main/Turnitin_Submission_Web_Form/
- https://github.com/IthacaLabs/Turnitin/blob/main/Turnitin_LTI_1.3_HTMLi_CVE-2023-34831/Turnitin_LTI_1.3_HTMLi_CVE-2023-34831.txt
- https://github.com/IthacaLabs/Turnitin/blob/main/Turnitin_Submission_Web_Form/
Products affected by CVE-2023-34831
-
cpe:2.3:a:odysseycs:ithacalabs_turnitin_lti:1.3