CVE-2023-3753

Name of the Vulnerable Software and Affected Versions Creativeitem Mastery LMS version 1.2

Description A problematic vulnerability has been found in Creativeitem Mastery LMS. This issue affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross-site scripting. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond.

Recommendations For Creativeitem Mastery LMS version 1.2, as a temporary workaround, consider restricting access to the /browse file until a patch is available. Avoid using the search/featured/recommended/skill argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.