Rocket LMS 1.9 Cross Site Scripting

2024.05.22

Credit: Sergio Medeiros

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2024-34241

CWE: CWE-79

# Title: Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
# Date: 04/16/2024
# Exploit Author: Sergio Medeiros
# Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735
# Software Link: https://lms.rocket-soft.org
# Version: 1.9
# Tested on Firefox and Chrome Browsers
# Patched Version: Patch Pending
# Category: Web Application
# CVE: CVE-2024-34241
# Exploit link: https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide
# PoC:
In order to exploit this systemic stored XSS vulnerability, identify theareas in the web application which has a WYSIWIG editor used, for example, the create/edit course description section.
Input random text in the description section, and create the course while intercepting the request with BurpSuite or your preferred proxy of choice.
In the *description* parameter or the associated parameter that is handling the user input related to the WYSIWIG editor, input the following payload and then issue the request:
<details/open/ontoggle=prompt(origin)>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Rocket LMS 1.9 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.