CVE-2023-49829

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 15, 2023

Updated: Dec 21, 2023

CWE ID 79

Summary

CVE-2023-49829 is a Cross-Site Scripting (XSS) vulnerability affecting Themeum Tutor LMS, an eLearning and online course solution. The issue arises from improper neutralization of user input during web page generation, allowing an attacker to inject malicious scripts into pages viewed by other users. This vulnerability, which can lead to stolen session tokens or other sensitive data, impacts Tutor LMS versions from n/a through 2.2.4. Users are strongly advised to update their software as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Themeum Tutor Lms

Affected Vendors

THEMEUM

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/toP8Wd
https://www.cve.org/CVERecord?id=CVE-2023-49829
https://nvd.nist.gov/vuln/detail/CVE-2023-49829

Back to Vulnerability Database