CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.9%

CVSS Severity

CVSS v3 Score 5.4

References

https://academylms.net/
https://www.exploit-db.com/exploits/51702
https://www.vulncheck.com/advisories/academy-lms-arbitrary-file-upload-vulnerability-via-profile-settings
https://www.exploit-db.com/exploits/51702

Products affected by CVE-2023-53876

Creativeitem » Academy Lms » Version: 6.1

cpe:2.3:a:creativeitem:academy_lms:6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-53876

Products

Pricing

Contact Us