CVE-2023-34831

MEDIUM

Odysseycs Ithacalabs Turnitin Lti - XSS

Title source: rule

Description

The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.

References (2)

Core 2

Core References

Exploit, Vendor Advisory

https://github.com/IthacaLabs/Turnitin/blob/main/Turnitin_LTI_1.3_HTMLi_CVE-2023-34831/Turnitin_LTI_1.3_HTMLi_CVE-2023-34831.txt

View Exploit ZIP pw:eip

Broken Link

https://github.com/IthacaLabs/Turnitin/blob/main/Turnitin_Submission_Web_Form/

Scores

CVSS v3 5.4

EPSS 0.0079

EPSS Percentile 73.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

odysseycs/ithacalabs_turnitin_lti 1.3

Published Jun 29, 2023

Tracked Since Feb 18, 2026