Academy LMS Cross-Site Scripting (XSS) Scanner

Detects a Cross-Site Scripting (XSS) vulnerability in Academy LMS that affects v. 5.11.

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 4 hours
Scan only one: URL
Toolbox: -

Academy LMS is a comprehensive learning management system used by educational institutions and companies to provide courses and online learning experiences. This platform is widely utilized for its user-friendly interface and the ability to support various multimedia content to enhance learning. Course creators use Academy LMS to develop and manage courses with ease, offering features such as quizzes, assessments, and tracking student progress. Educational institutions rely on it to deliver curriculum digitally, while corporate training programs utilize it for employee education. Institutions choose Academy LMS for its scalability, allowing seamless addition of new courses and users. The system is employed globally, valued for facilitating distance and hybrid learning.

Cross-Site Scripting (XSS) is a common vulnerability that permits attackers to inject malicious scripts into web pages viewed by other users. This vulnerability specifically affects the search parameter in Academy LMS version 5.11, where user input is not properly sanitized. By executing scripts, attackers can hijack user sessions, deface websites, or redirect visitors to malicious sites. XSS exploits typically involve the insertion of JavaScript tags, resulting in code execution when the infected page is viewed. This vulnerability presents significant risks, particularly in environments where user interactions are frequent and sensitive data is handled. Addressing XSS vulnerabilities promptly is critical to protect user data and maintain application security.

The Academy LMS XSS vulnerability is present in the search functionality of the application. By manipulating the search query parameter, an attacker can inject JavaScript that is executed in the context of the user's session. The vulnerable endpoint is at the search path where unsanitized input is used directly in the rendered page, posing a risk of code execution. The matchers within the scan include checks for specific JavaScript execution markers and for the presence of the Academy LMS identifier. Headers are also inspected to ensure compatibility with text/html content type, confirming the correct rendering environment for script execution. Upon exploiting the vulnerability, the injected script runs as if executed by the actual user, proving the existence of the flaw.
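The three matcher conditions described above can be sketched as response-side logic in Python. This is an added example, not the scanner's own template: the marker string, the identifier text "Academy LMS" and the sample responses are constructed assumptions. It shows why all three conditions must hold before a finding is reported.

```python
import html

MARKER = "<probe-7f3a>"     # constructed, harmless marker (assumption)
PRODUCT_ID = "Academy LMS"  # assumed identifier text; the page does not give the exact string


def content_type(headers):
    """Return the media type, ignoring header-name case and parameters such as charset."""
    for name, value in headers.items():
        if name.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""


def evaluate(headers, body, marker=MARKER):
    """Apply the three matchers; a finding requires all of them to hold."""
    checks = {
        # Marker must come back byte-for-byte; an HTML-encoded reflection does not count.
        "marker_reflected_raw": marker in body,
        # Product fingerprint keeps the check from firing on unrelated applications.
        "product_identified": PRODUCT_ID.lower() in body.lower(),
        # Only text/html responses are rendered as markup by the browser.
        "html_content_type": content_type(headers) == "text/html",
    }
    checks["finding"] = all(checks.values())
    return checks


def page(search_term, encode):
    """Constructed search-results page, with or without output encoding."""
    shown = html.escape(search_term) if encode else search_term
    return f"<html><title>Search | Academy LMS</title><body>Results for: {shown}</body></html>"


HTML_UTF8 = {"Content-Type": "text/html; charset=UTF-8"}
SAMPLES = {  # constructed responses, not captured traffic
    "unencoded": (HTML_UTF8, page(MARKER, encode=False)),
    "encoded": (HTML_UTF8, page(MARKER, encode=True)),
    "json": ({"content-type": "application/json"}, '{"q": "<probe-7f3a>", "app": "Academy LMS"}'),
    "other_app": ({"Content-Type": "text/html"}, "<html><body>Results for: <probe-7f3a></body></html>"),
}

if __name__ == "__main__":
    for name, (headers, body) in SAMPLES.items():
        print(name, evaluate(headers, body))
```

The "encoded" sample is the same page with output encoding applied to the search term, which is the behaviour a fixed search view should show.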

When exploited, XSS vulnerabilities can lead to theft of user credentials, unauthorized actions on behalf of users, and spreading of malware. With the ability to execute scripts within the victim's browser, an attacker gains significant leverage to alter or manipulate visible content. In the case of Academy LMS, compromised accounts could lead to unauthorized access to business-critical learning materials. Data integrity could be affected, causing loss of trust in the educational institution or company. Prolonged exposure to such vulnerabilities can attract exploitation by automated botnets, rapidly spreading infection vectors to wider audiences. Immediate attention is needed to prevent further damage and potential data breaches.
