Vulnerabilities > Creativeitem

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2022-47131 Cross-site Scripting vulnerability in Creativeitem Academy LMS
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
network
low complexity
creativeitem CWE-79
4.8
4.8
2023-02-03 CVE-2022-47132 Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Academy LMS
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
network
low complexity
creativeitem CWE-352
8.8
8.8
2022-09-26 CVE-2022-38553 Cross-site Scripting vulnerability in Creativeitem Academy Learning Management System
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
network
low complexity
creativeitem CWE-79
6.1
6.1
2022-05-25 CVE-2022-29380 Cross-site Scripting vulnerability in Creativeitem Academy LMS 4.3
Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
network
low complexity
creativeitem CWE-79
4.8
4.8
2020-11-04 CVE-2020-22273 Cross-Site Request Forgery (CSRF) vulnerability in Creativeitem Neoflex Video Subscription System 2.0
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)
network
low complexity
creativeitem CWE-352
6.5
6.5
2018-10-19 CVE-2018-18417 Cross-site Scripting vulnerability in Creativeitem Ekushey Project Manager 3.1
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI.
network
low complexity
creativeitem CWE-79
5.4
5.4