Submission #643623: Selleo Labs Sp. z o.o. Mentingo learn-v2025.08.27 Cross Site Scripting

Information

Title: Selleo Labs Sp. z o.o. Mentingo learn-v2025.08.27 Cross Site Scripting

Description:
Attack Vector: Web Application
Impact: Privilege Escalation
Brief Description: Stored XSS in course description field leading to admin privilege escalation

The LMS platform allows content creators or administrators to create new courses. The course description field does not sanitize or escape HTML input, which permits injection of malicious JavaScript. The injected JavaScript executes immediately, even while it is being typed, and, once saved, every time any user (student, content creator, or admin) visits the global courses catalogue view. The payload is triggered globally without requiring the victim to open the specific malicious course.

Depending on the payload and the victim's role:
1. Student victim → the attacker can silently enroll them in an attacker-controlled course via a forged `POST /api/course/enroll-course` request.
2. Admin victim → the attacker can forge a `POST /api/user` request to provision a new administrative account under the attacker's control. The attacker then receives an activation email and sets a password, gaining persistent full administrative access to the platform.

Source: https://gist.github.com/KhanMarshaI/584ae9d7ba8578ac040a0f89597fc3c1
User: KhanMarshal (UID 89610)
Submitted: 29/08/2025 12:09 AM (8 months ago)
Moderation: 13/09/2025 11:40 AM (15 days later)
Status: Approved
VulDB entry: 323823 [Selleo Mentingo 2025.08.27 Create New Course Basic Settings enroll-course description cross site scripting]
Points: 20
