CVE-2025-71179

Medium CVSS: 6.1

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course_bundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, which only fixed XSS in query and sort_by parameters to the /academy/home/courses endpoint.

Vendor

Creativeitem

Product

Academy Lms

CWE

CWE-79

Yayın Tarihi

2026-02-03 18:16:18

Güncelleme

2026-02-10 14:02:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Academy Lms MEDIUM Creativeitem 2026

Referanslar

https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 https://creativeitem.com/products/academy-learning-management-system/ https://github.com/cod3rLucas/security-advisories/blob/main/CVE-2025-71179.md https://www.exploit-db.com/exploits/51654

Benzer Kayıtlar

Medium

CVE-2023-53876

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with…

Medium

CVE-2025-56748

Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templat…

Critical

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictabl…

Low

CVE-2025-56746

Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabli…

Medium

CVE-2025-56747

Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor co…

Medium

CVE-2025-40990

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user…