Vulnerability CVE-2024-34241
Published: 2024-05-17

Description:
A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.

See advisories in our WLB2 database:
Topic
Author
Date
Low
Rocket LMS 1.9 Cross Site Scripting
Sergio Medeiros
22.05.2024

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide
Copyright 2024, cxsecurity.com

 

Back to Top