Creativeitem Academy Lms — known CVE vulnerabilities
Every CVE whose affected-product data names Creativeitem Academy Lms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2025-56749 — CVSS 9.4 (critical): Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows…
CVE-2022-47132 — CVSS 8.8 (high): A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users.
CVE-2025-56747 — CVSS 6.5 (medium): Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where…
CVE-2025-56748 — CVSS 6.4 (medium): Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate…
CVE-2023-4974 — CVSS 6.3 (medium): A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the…
CVE-2025-71179 — CVSS 6.1 (medium): Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs…
CVE-2024-38959 — CVSS 6.1 (medium): Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute…
CVE-2023-53876 — CVSS 5.4 (medium): Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site…
CVE-2022-47131 — CVSS 4.8 (medium): A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
CVE-2022-29380 — CVSS 4.8 (medium): Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.
CVE-2022-47130 — CVSS 4.3 (medium): A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with…
CVE-2023-4119 — CVSS 4.3 (medium): A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file…
CVE-2023-4973 — CVSS 3.5 (low): A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown…
CVE-2023-3752 — CVSS 3.5 (low): A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown…
CVE-2025-56746 — CVSS 2.2 (low): Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation…