CVE-2024-8002 | VIWIS LMS 9.11 File Upload filename cross site scripting

Posted by Angelo Barbosa | Jan 8, 2025 | CVE

A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argument filename leads to cross site scripting.

This vulnerability is known as CVE-2024-8002. The attack can be launched remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-8002 | VIWIS LMS 9.11 File Upload filename cross site scripting

Related Posts

CVE-2024-2813 | Tenda AC15 15.03.20_multi fast_setting_wifi_set form_fast_setting_wifi_set ssid stack-based overflow

CVE-2021-47151 | Linux Kernel up to 5.10.41/5.12.8 interconnect of_node_put memory leak (4e3cea8035b6/93d1dbe7043b/a00593737f8b)

CVE-2024-37885 | Nextcloud Desktop Client up to 3.11.x on macOS DYLD_INSERT_LIBRARIES code injection (GHSA-4mf7-v63m-99p7)

CVE-2023-6503 | WP Plugin Lister Plugin up to 2.1.0 on WordPress Setting cross-site request forgery