CVE Catalog

CVE-2025-65675

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A stored cross-site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

Risk Assessment

An attacker can hijack user sessions, steal data, or spread malicious content within the LMS, compromising data confidentiality and integrity.

Recommendation

Immediately update Classroomio LMS to the latest version and implement validation and sanitization of uploaded SVG files to prevent script injection.

Original NVD description (English source)

Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS