CVE-2023-6359

CVSS V2 None CVSS V3 None
Description
A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the 'localidad' field on the /users/editmy page.
Overview
  • CVE ID
  • CVE-2023-6359
  • Assigner
  • INCIBE
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-11-28T12:01:33.644Z
  • Last Modified Date
  • 2023-11-28T12:01:33.644Z
History
Created Old Value New Value Data Type Notes
2024-06-25 07:16:43 Added to TrackCVE