CVE Catalog

CVE-2023-3477

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

A vulnerability was found in RocketSoft Rocket LMS 1.7 affecting unknown code in the /contact/store file of the Contact Form component. Manipulation of the arguments name/subject/message leads to cross site scripting.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update to the latest version of RocketSoft Rocket LMS and implement input data filtering in the contact form.

Original NVD description (English source)

A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS