Rocket LMS 1.9 Cross Site Scripting

2024.05.22
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

# Title: Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)
# Date: 04/16/2024
# Exploit Author: Sergio Medeiros
# Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735
# Software Link: https://lms.rocket-soft.org
# Version: 1.9
# Tested on Firefox and Chrome Browsers
# Patched Version: Patch Pending
# Category: Web Application
# CVE: CVE-2024-34241
# Exploit link: https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide

# PoC:
In order to exploit this systemic stored XSS vulnerability, identify the areas in the web application which use a WYSIWYG editor, for example, the create/edit course description section. Input random text in the description section, and create the course while intercepting the request with BurpSuite or your preferred proxy of choice. In the *description* parameter or the associated parameter that is handling the user input related to the WYSIWYG editor, input the following payload and then issue the request:

<details/open/ontoggle=prompt(origin)>
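A server-side allowlist check for the *description* field, given here as an added example that is not code from the advisory or from Rocket LMS: the request is altered in a proxy after the editor has run, so the stored HTML has to be rebuilt from an allowlist when it arrives at the server. The tag policy, class name and function name are assumptions, and Python's standard-library parser is used for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed policy (not Rocket LMS's own): markup a course description may keep.
ALLOWED = {t: set() for t in ("p", "br", "b", "i", "strong", "em",
                              "ul", "ol", "li", "h2", "h3", "blockquote")}
ALLOWED["a"] = {"href"}
VOID = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}


class DescriptionSanitizer(HTMLParser):
    """Re-serialise allowlisted markup only; everything else is discarded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # e.g. <details>: the element never reaches storage
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag] or value is None:
                continue  # removes every on* handler, style, id, ...
            scheme, sep, _ = value.strip().lower().partition(":")
            if not sep or scheme not in SAFE_SCHEMES:
                continue  # href (the only allowed attribute) needs a safe scheme
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text stays inert text


def sanitize_description(raw: str) -> str:
    """Run server-side on the submitted description, before it is stored."""
    parser = DescriptionSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out)


# Constructed sample: benign editor output carrying the advisory's payload.
PAGE_PAYLOAD = "<details/open/ontoggle=prompt(origin)>"
SAMPLE = ('<p onclick="x()">Intro to <b>Python</b></p>' + PAGE_PAYLOAD +
          '<a href="https://example.com/syllabus">Syllabus</a>')
```

Calling `sanitize_description(SAMPLE)` keeps the paragraph and the link and drops both the `<details>` element and the `onclick` attribute; the same function should run on every parameter fed by a WYSIWYG editor, since the advisory describes the issue as systemic.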



Copyright 2024, cxsecurity.com

 
