CVE-2023-53876

MEDIUM

Academy LMS 6.1 - XSS

Title source: llm

Description

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.

Exploits (1)

exploitdb WORKING POC
by CraCkEr · textwebappsphp
https://www.exploit-db.com/exploits/51702

References (3)

Scores

CVSS v3 5.4
EPSS 0.0005
EPSS Percentile 15.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-434
Status published
Products (2)
Creativeitem/Academy LMS 6.1
creativeitem/academy_lms 6.1
Published Dec 15, 2025
Tracked Since Feb 18, 2026