CVE-2024-41572
MEDIUMLearning with Texts 2.0.3 - Unauthenticated Stored Cross-Site Scripting via URL Parameter
Title source: llmDescription
Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.
References (1)
Core 1
Core References
Third Party Advisory
https://medium.com/%40ChadSecurity/cve-2024-41572-68397fae354b
Scores
CVSS v3
6.1
EPSS
0.0029
EPSS Percentile
20.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
lang-learn-guy/learning_with_texts
2.0.3
Published
Aug 21, 2024
Tracked Since
Feb 18, 2026