CVE-2025-11304

MEDIUM

CodeCanyon/ui-lib Mentor LMS <1.1.1 - XSS

Title source: llm

Description

A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0001
EPSS Percentile 2.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Classification

CWE
CWE-942 CWE-346
Status draft

Timeline

Published Oct 05, 2025
Tracked Since Feb 18, 2026