CodeCanyon/ui-lib Mentor LMS API cross-domain policy_CVE-2025-11304

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11304

Source VulDB

Published Oct 5, 2025 at 21:02

Affected Product

Vendor CodeCanyon

Product Mentor LMS

Version 1.1.0

Affected Versions CodeCanyon Mentor LMS 1.1.0
CodeCanyon Mentor LMS 1.1.1
ui-lib Mentor LMS 1.1.0
ui-lib Mentor LMS 1.1.1

CWE Classification

CWE-942 CWE-346

References

{
    "lastseen": "",
    "description": "A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-05T21:02:06.131Z",
    "modified": "2025-10-05T21:02:06.131Z",
    "type": "cve",
    "title": "CodeCanyon/ui-lib Mentor LMS API cross-domain policy",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327185\nhttps://vuldb.com/?ctiid.327185\nhttps://vuldb.com/?submit.661733\nhttps://github.com/PlsRevert/CVEs/issues/3\nhttps://github.com/PlsRevert/CVEs/issues/3#issue-3447867888",
    "id": "CVE-2025-11304",
    "bulletinFamily": "",
    "cwe": [
        "CWE-942",
        "CWE-346"
    ],
    "cvelist": null,
    "sourceData": "CodeCanyon Mentor LMS 1.1.0\nCodeCanyon Mentor LMS 1.1.1\nui-lib Mentor LMS 1.1.0\nui-lib Mentor LMS 1.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mentor LMS",
    "version": "1.1.0",
    "vendor": "CodeCanyon",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}