A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.
References
Link | Resource |
---|---|
https://vuldb.com/?ctiid.232756 | Permissions Required Third Party Advisory VDB Entry |
https://vuldb.com/?id.232756 | Third Party Advisory VDB Entry |
Configurations
History
06 Jul 2023, 18:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:rocketsoft:rocket_lms:1.7:*:*:*:*:*:*:* | |
References | (MISC) https://vuldb.com/?id.232756 - Third Party Advisory, VDB Entry | |
References | (MISC) https://vuldb.com/?ctiid.232756 - Permissions Required, Third Party Advisory, VDB Entry |
30 Jun 2023, 12:59
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-30 08:15
Updated : 2024-05-17 02:27
NVD link : CVE-2023-3477
Mitre link : CVE-2023-3477
CVE.ORG link : CVE-2023-3477
JSON object : View
Products Affected
rocketsoft
- rocket_lms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')