CVE-2022-38553

moderate-risk
Published 2022-09-26

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

Do I need to act?

!
30.7% chance of exploitation in next 30 days
EPSS score — higher than 69% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Creativeitem

References (10)

Product http://academy.com
Product https://codecanyon.net/item/academy-course-based-learning-management-system/2270...
Product https://demo.creativeitem.com/academy/home/
https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%...
Exploit https://github.com/4websecurity/CVE-2022-38553/blob/main/README.md
Product http://academy.com
Product https://codecanyon.net/item/academy-course-based-learning-management-system/2270...
Product https://demo.creativeitem.com/academy/home/
https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%...
Exploit https://github.com/4websecurity/CVE-2022-38553/blob/main/README.md
44
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 16/34 · Moderate
Exposure 5/34 · Minimal