Creativeitem Academy_lms

16 CVEs affecting Creativeitem Academy_lms. Latest disclosed: 2026-02-03. Critical: 1, High: 1.

Top CVEs affecting Creativeitem Academy_lms
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-56749 | Critical | 9.4 | 2025-10-15 | Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge vali… |
| CVE-2022-47132 | High | 8.8 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. |
| CVE-2025-56747 | Medium | 6.5 | 2025-10-14 | Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated us… |
| CVE-2025-56748 | Medium | 6.4 | 2025-10-15 | Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brut… |
| CVE-2023-4974 | Medium | 6.3 | 2023-09-15 | A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/fi… |
| CVE-2025-71179 | Medium | 6.1 | 2026-02-03 | Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the str… |
| CVE-2024-38959 | Medium | 6.1 | 2024-07-09 | Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain… |
| CVE-2023-38964 | Medium | 6.1 | 2023-08-04 | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2023-53876 | Medium | 5.4 | 2025-12-15 | Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. A… |
| CVE-2022-47131 | Medium | 4.8 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. |
| CVE-2022-29380 | Medium | 4.8 | 2022-05-25 | Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. |
| CVE-2023-4119 | Medium | 4.3 | 2023-08-03 | A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The… |
| CVE-2022-47130 | Medium | 4.3 | 2023-02-03 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privilege… |
| CVE-2023-4973 | Low | 3.5 | 2023-09-15 | A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the… |
| CVE-2023-3752 | Low | 3.5 | 2023-07-19 | A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file… |
| CVE-2025-56746 | Low | 2.2 | 2025-10-15 | Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attac… |