CNNVD-202602-331 Information

CNNVD ID

CNNVD-202602-331

Related CVE

CVE-2025-71179

• CNNVD Published: 2026-02-03

Description (Chinese)

Creativeitem Academy LMS是孟加拉国Creativeitem公司的一个在线学习管理系统。 Creativeitem Academy LMS 7.0版本存在安全漏洞，该漏洞源于对/academy/blogs端点的search参数和/academy/course_bundles/search/query端点的string参数验证不足，可能导致反射型跨站脚本攻击。

Description (English)

Creativeitem Academy LMS is an online learning management system for Creativeitem in Bangladesh. There is a security loophole in version 7.0 of Creativeitem Academy LMS, which stems from inadequate validation of the search parameters for/academy/blogs endpoints and/academy/course bundles/search/query endpoints, which may result in cross-posterial attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Creativeitem

Published

2026-02-03

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/51654 https://creativeitem.com/products/academy-learning-management-system/ https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 https://nvd.nist.gov/vuln/detail/CVE-2023-4119 https://access.redhat.com/security/cve/cve-2025-71179