CVE-2025-22498

Name of the Vulnerable Software and Affected Versions LucidLMS versions n/a through 1.0.5

Description The issue is an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This can be exploited through reflected XSS, where an attacker can inject malicious code into a website, which is then reflected back to the user, potentially allowing the attacker to steal sensitive information or take control of the user's session. There is no information provided about whether this issue has been exploited by attackers or the number of Internet users that can be affected by its exploitation.

Recommendations For LucidLMS versions n/a through 1.0.5, update to a version later than 1.0.5 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages or inputs to minimize the risk of exploitation. Avoid using user-supplied input in sensitive areas of the web application until the issue is resolved. At the moment, there is no additional information about other mitigation measures.