PT-2024-25762 · Rocketsoft · Rocket Lms

Sergio Medeiros · Published 2024-05-16 · Updated 2024-07-10 · CVE-2024-34241

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Rocketsoft Rocket LMS version 1.9

Description: A cross-site scripting (XSS) issue allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications, potentially compromising user sessions.

Recommendations: For Rocketsoft Rocket LMS version 1.9, patch immediately and validate user input to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the admin web interface for creating new courses and course notifications until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-34241

Affected Products: Rocket Lms