CVE-2022-31786

Name of the Vulnerable Software and Affected Versions IdeaLMS version 2022

Description The issue allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH INFO. This means an attacker can inject malicious scripts into the website, potentially stealing user data or taking control of user sessions.

Recommendations For IdeaLMS version 2022, update to a version that fixes the reflected Cross Site Scripting issue, or as a temporary workaround, consider restricting access to the IdeaLMS/Class/Assessment/ PATH INFO to minimize the risk of exploitation.