Vulnerabilities > Creativeitem > Academy LMS > 4.3

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2022-47130 Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS 4.3
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page.
network
low complexity
creativeitem CWE-352
4.3
4.3
2023-02-03 CVE-2022-47131 Cross-site Scripting vulnerability in Creativeitem Academy LMS 4.3
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
network
low complexity
creativeitem CWE-79
4.8
4.8
2023-02-03 CVE-2022-47132 Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS 4.3
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
network
low complexity
creativeitem CWE-352
8.8
8.8
2022-05-25 CVE-2022-29380 Cross-site Scripting vulnerability in Creativeitem Academy LMS 4.3
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. 		3.5
3.5