CVE-2022-38553

MEDIUM NUCLEI

Academy Learning Management System <5.9.1 - XSS

Title source: llm

Description

Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.

Exploits (1)

nomisec WORKING POC 2 stars

by 4websecurity · poc

https://github.com/4websecurity/CVE-2022-38553

View Code ZIP pw:eip

Nuclei Templates (1)

Academy Learning Management System <5.9.1 - Cross-Site Scripting

MEDIUMVERIFIEDby edoardottt

Shodan: http.html:"study any topic, anytime"

FOFA: body="study any topic, anytime"

References (5)

[Product] http://academy.com

[Product, Third Party Advisory] https://codecanyon.net/item/academy-course-based-learning-management-system/22703468

[Product] https://demo.creativeitem.com/academy/home/

[Various Sources] https://demo.creativeitem.com/academy/home/search?query=%22%3E%3Cscript%3Ealert%28%22XSS%22%29%3C/script%3E

[Exploit, Third Party Advisory] https://github.com/4websecurity/CVE-2022-38553/blob/main/README.md

Scores

CVSS v3 6.1

EPSS 0.3074

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

creativeitem/academy_learning_management_system < 5.9.1

Published Sep 26, 2022

Tracked Since Feb 18, 2026