CVE-2021-25029

The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:cluevo:learning_management_system:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2022-02-07 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-25029

Mitre link : CVE-2021-25029

CVE.ORG link : CVE-2021-25029


JSON object : View

Products Affected

cluevo

  • learning_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')