CVE-2024-41572

MEDIUM

Learning with Texts 2.0.3 - Unauthenticated Stored Cross-Site Scripting via URL Parameter

Title source: llm
STIX 2.1

Description

Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.

References (1)

Core 1

Scores

CVSS v3 6.1
EPSS 0.0029
EPSS Percentile 20.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
lang-learn-guy/learning_with_texts 2.0.3
Published Aug 21, 2024
Tracked Since Feb 18, 2026