CVE-2025-65675

Medium CVSS: 5.4

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

Vendor

Classroomio

Product

Classroomio

CWE

CWE-79

Yayın Tarihi

2025-11-26 19:15:48

Güncelleme

2025-12-05 14:12:39

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Classroomio MEDIUM Classroomio 2025

Referanslar

http://classroomio.com https://github.com/Rivek619/CVE-2025-65675 https://github.com/classroomio/classroomio https://github.com/Rivek619/CVE-2025-65675

Benzer Kayıtlar

High

CVE-2025-67298

An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and…

Medium

CVE-2025-65670

An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpo…

Medium

CVE-2025-65676

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbi…

Critical

CVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without…

High

CVE-2025-65672

Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course sett…