{"id":56943,"date":"2024-05-20T19:40:15","date_gmt":"2024-05-20T15:40:15","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/178629\/rocketlms19-xss.txt"},"modified":"2024-05-20T19:40:15","modified_gmt":"2024-05-20T15:40:15","slug":"rocket-lms-1-9-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/rocket-lms-1-9-cross-site-scripting\/","title":{"rendered":"Rocket LMS 1.9 Cross Site Scripting"},"content":{"rendered":"<pre readability=\"10\"><code readability=\"14\"># Title: Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)<br># Date: 04\/16\/2024<br># Exploit Author: Sergio Medeiros<br># Vendor Homepage: https:\/\/codecanyon.net\/item\/rocket-lms-learning-management-academy-script\/33120735<br># Software Link: https:\/\/lms.rocket-soft.org<br># Version: 1.9<br># Tested on Firefox and Chrome Browsers<br># Patched Version: Patch Pending<br># Category: Web Application<br># CVE: CVE-2024-34241<br># Exploit link: https:\/\/grumpz.net\/cve-2024-34241-a-step-by-step-discovery-guide<br># PoC:<p>In order to exploit this systemic stored XSS vulnerability, identify theareas in the web application which has a WYSIWIG editor used, for example, the create\/edit course description section. <br>Input random text in the description section, and create the course while intercepting the request with BurpSuite or your preferred proxy of choice.<\/p><p>In the *description* parameter or the associated parameter that is handling the user input related to the WYSIWIG editor, input the following payload and then issue the request:<br>&lt;details\/open\/ontoggle=prompt(origin)&gt;<\/p><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Title: Rocket LMS 1.9 &#8211; Persistent Cross Site Scripting (XSS)# Date: 04\/16\/2024# Exploit Author: Sergio Medeiros# Vendor Homepage: https:\/\/codecanyon.net\/item\/rocket-lms-learning-management-academy-script\/33120735# Software Link: https:\/\/lms.rocket-soft.org# Version: 1.9# Tested on Firefox and Chrome Browsers# Patched Version: Patch Pending# Category: Web Application# CVE: CVE-2024-34241# Exploit link: https:\/\/grumpz.net\/cve-2024-34241-a-step-by-step-discovery-guide# PoC:In order to exploit this systemic stored XSS vulnerability, identify theareas in &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56943","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56943"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56943\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56943"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}