CVE-2025-71179

Name of the Vulnerable Software and Affected Versions Creativeitem Academy LMS version 7.0

Description Reflected Cross-Site Scripting (XSS) occurs when an application includes untrusted data in a web page without proper validation or escaping, allowing an attacker to execute malicious scripts in the victim's browser. The issue exists in the '/academy/blogs' endpoint via the search parameter and in the '/academy/course bundles/search/query' endpoint via the string parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.