CVE-2023-4973

Name of the Vulnerable Software and Affected Versions Academy LMS version 6.2

Description A vulnerability was found in the GET Parameter Handler component of Academy LMS, affecting an unknown functionality of the file /academy/tutor/filter. The manipulation of the arguments searched word, searched tution class type[], searched price type[], and searched duration[] leads to cross-site scripting. The attack can be launched remotely.

Recommendations For Academy LMS version 6.2, consider restricting access to the vulnerable GET Parameter Handler component until a patch is available. As a temporary workaround, avoid using the arguments searched word, searched tution class type[], searched price type[], and searched duration[] in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.