Security Advisory

CVE-2023-53876

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-15 20:28:17

Last updated 2026-04-07 14:07:02

Assigner VulnCheck

State PUBLISHED

Description

Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.

← Browse all CVEs View on cve.org ↗