CVE-2023-53876

MEDIUM

Academy LMS 6.1 - XSS

Title source: llm

Description

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.

Exploits (1)

exploitdb WORKING POC
by CraCkEr · textwebappsphp
https://www.exploit-db.com/exploits/51702

References (3)

Scores

CVSS v3 5.4
EPSS 0.0004
EPSS Percentile 10.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-434
Status published

Affected Products (1)

creativeitem/academy_lms

Timeline

Published Dec 15, 2025
Tracked Since Feb 18, 2026