CVE-2024-8002 MEDIUM

CVE-2024-8002: VIWIS LMS File Upload cross site scripting

Vendor Viwis
Product LMS
Weakness CWE-79 · XSS
Published January 8, 2025
Last update January 8, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 9.12 is able to address this issue. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

January 8, 2025 CVE published
January 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-48567 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2025-9849 Html Social share buttons <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-47037 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2026-6619 langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting CVE-2026-33348 OpenEMR has Stored XSS in patient encounter Eye Exam form $CHRONIC2 and $CHRONIC3