{"id":27586,"date":"2025-11-25T13:38:21","date_gmt":"2025-11-25T13:38:21","guid":{"rendered":"http:\/\/localhost\/?p=27586"},"modified":"2025-11-25T13:38:21","modified_gmt":"2025-11-25T13:38:21","slug":"classroomio-lms-0113-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=27586","title":{"rendered":"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009"},"content":{"rendered":"

{“lastseen”:”2025-11-25T19:06:53″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:212009″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65675″,”CVE-2025-65676″],”sourceData”:”# CVE-2025-65676\\n Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images. Discovered by – Rivek Raj Tamang (RivuDon), Sikkim, India.\\n \\n **Affected Product: ClassroomIO**\\n * Affected Version: 0.1.13\\n * **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**\\n \\n ## Vulnerability Details\\n Stored Cross Site Scripting\\n \\n # Summary\\n A Stored Cross-Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, where the application fails to sanitize course cover image uploads. An authenticated attacker can upload a malicious SVG file containing embedded JavaScript, which is then stored and executed whenever the course cover image is viewed. Because the payload is executed from a trusted domain, this flaw can lead to session hijacking, account takeover, redirection attacks, or further exploitation within the platform.\\n \\n ## Steps to Reproduce\\n \\n 1. Log in and go to created course or create one\\n \\n 2. Click on landing page\\n \\n 3. Click on Header \\u003e replace image cover\\n \\n 3. Select the xss svg file and click on upload\\n \\n 4. Wait for it to save, refresh the page\\n \\n \\u003cimg width=\\”1919\\” height=\\”858\\” alt=\\”image\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/40c1eaee-439c-4cd8-9b7c-d2ea1b9d4ba9\\” \/\\u003e\\n \\n 6. Right click on the course cover image and open on a new tab\\n \\n 7. Note the stored xss being popped.\\n \\n \\u003cimg width=\\”701\\” height=\\”361\\” alt=\\”image\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/ef9b4d7d-627e-403b-9e45-6ae7417f7c11\\” \/\\u003e\\n \\n \\n # Acknowledgement \\n \\n This vulnerability was discovered and responsibly reported by:\\n \\n **Rivek Raj Tamang (RivuDon) from Sikkim, India** \\n \\n https:\/\/www.linkedin.com\/in\/rivektamang\/\\n \\n https:\/\/rivudon.medium.com\/\\n \\n \\n ————————\\n \\n \\n # CVE-2025-65675\\n Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures. Discovered by – Rivek Raj Tamang (RivuDon), Sikkim, India.\\n \\n **Affected Product: ClassroomIO**\\n * Affected Version: 0.1.13\\n * **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**\\n \\n ## Vulnerability Details\\n Stored Cross Site Scripting\\n \\n # Summary\\n A Stored Cross-Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, where the application fails to sanitize SVG profile image uploads. An authenticated attacker can upload a malicious SVG file containing embedded JavaScript, which is then stored and executed whenever the profile image is viewed. Because the payload is executed from a trusted domain, this flaw can lead to session hijacking, account takeover, redirection attacks, or further exploitation within the platform.\\n \\n ## Steps to Reproduce\\n \\n 1. Log in and go to profile settings\\n \\n 2. Click on upload image\\n \\n 3. Select the xss svg file and click on upload\\n \\n 4. Wait for it to save\\n \\n \\u003cimg width=\\”1564\\” height=\\”700\\” alt=\\”image\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/46dffab6-bc8c-45c4-ac4e-945f1aef01c4\\” \/\\u003e\\n \\n \\n 6. Right click on the profile picture and open on a new tab\\n \\n 7. Note the stored xss being popped.\\n \\n \\u003cimg width=\\”576\\” height=\\”298\\” alt=\\”image\\” src=\\”https:\/\/github.com\/user-attachments\/assets\/4dbcfecd-a565-4e9b-aba3-304f09246b17\\” \/\\u003e\\n \\n \\n # Acknowledgement \\n \\n This vulnerability was discovered and responsibly reported by:\\n \\n **Rivek Raj Tamang (RivuDon) from Sikkim, India** \\n \\n https:\/\/www.linkedin.com\/in\/rivektamang\/\\n \\n https:\/\/rivudon.medium.com\/”,”sourceHref”:”https:\/\/packetstorm.news\/download\/212009″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/212009\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-11-25T19:06:53″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:212009″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65675″,”CVE-2025-65676″],”sourceData”:”# CVE-2025-65676\\n Stored Cross…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-27586","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=27586\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-11-25T19:06:53″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:212009″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65675″,”CVE-2025-65676″],”sourceData”:”# CVE-2025-65676n Stored Cross...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=27586\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-25T13:38:21+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27586#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27586\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009\",\"datePublished\":\"2025-11-25T13:38:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27586\"},\"wordCount\":712,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=27586#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27586\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27586\",\"name\":\"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-11-25T13:38:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27586#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=27586\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=27586#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=27586","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009 - zero redgem","og_description":"{“lastseen”:”2025-11-25T19:06:53″,”description”:”Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files…”,”published”:”2025-11-25T00:00:00″,”modified”:”2025-11-25T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:212009″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-65675″,”CVE-2025-65676″],”sourceData”:”# CVE-2025-65676n Stored Cross...","og_url":"https:\/\/zero.redgem.net\/?p=27586","og_site_name":"zero redgem","article_published_time":"2025-11-25T13:38:21+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=27586#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=27586"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009","datePublished":"2025-11-25T13:38:21+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=27586"},"wordCount":712,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=27586#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=27586","url":"https:\/\/zero.redgem.net\/?p=27586","name":"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-11-25T13:38:21+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=27586#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=27586"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=27586#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Classroomio LMS 0.1.13 Cross Site Scripting_PACKETSTORM:212009"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/27586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=27586"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/27586\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=27586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=27586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=27586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}