PT-2019-12974 · Ht2 · Learning Locker
Published
2019-07-16
·
Updated
2019-10-09
·
CVE-2019-12834
CVSS v3.1
7.3
High
| Vector | AC:L/AV:N/A:L/C:L/I:L/PR:N/S:U/UI:N |
Name of the Vulnerable Software and Affected Versions
HT2 Labs Learning Locker version 3.15.1
Description
The issue allows for the injection of malicious HTML and JavaScript code into the website's DOM via the PATH INFO to the "dashboards/" URI.
Recommendations
For HT2 Labs Learning Locker version 3.15.1, consider restricting access to the dashboards/ URI until a patch is available. As a temporary workaround, avoid using the PATH INFO to the dashboards/ URI to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Learning Locker