CVE-2024-34241

EIP tracks 1 public exploit for CVE-2024-34241. PoCs published by Sergio Medeiros.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Rocket LMS 1.9 by injecting a malicious payload into the WYSIWYG editor's description parameter. The payload triggers a JavaScript prompt when the description is rendered, confirming the vulnerability.

A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.