CVE-2021-47907
Description
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browsers of other users viewing the message history, enabling session hijacking and phishing attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Rocket LMS 1.1 has a persistent XSS in the support ticket title field, enabling authenticated attackers to execute scripts in other users' browsers.
Vulnerability
Overview
Rocket LMS 1.1 contains a persistent cross-site scripting (XSS) vulnerability in the support ticket module. The root cause is improper neutralization of user-supplied input in the title parameter when creating support tickets. The application fails to sanitize or encode HTML/JavaScript before storing it, allowing arbitrary script injection [1][2].
Exploitation
An authenticated attacker can submit a support ticket with a malicious payload embedded in the title field. When any other user (including administrators) views the ticket history, the stored payload executes in their browser. No special privileges beyond a valid user account are required, and the attack is network-based with low complexity [2].
Impact
Successful exploitation allows the attacker to perform session hijacking, steal cookies, conduct phishing attacks, or deface the application within the victim's session context. The CVSS v3 score of 6.4 reflects the medium severity due to the need for authentication and user interaction [2].
Mitigation
As of the public disclosure date (December 2021), no official patch was available from the vendor. Users are advised to implement strict input validation and output encoding for the title parameter, or upgrade to a later version if one becomes available [1][2].
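One way to apply the output-encoding and input-validation advice above, as an added example that is neither Rocket LMS code nor part of the advisory; the ticket records, field names and the 200-character limit are assumptions chosen for illustration:

```javascript
// Added example (not Rocket LMS code): an unescaped ticket-title render beside
// an output-encoded one, plus a validation step for the title at creation time.
// The ticket records below are constructed for illustration.

function escapeHtml(value) {
  // Encode the characters that break out of HTML text and attribute contexts.
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the stored title is interpolated directly into markup,
// so anything saved in it is rendered as HTML for every viewer of the history.
function renderTicketRowUnsafe(ticket) {
  return `<tr><td>${ticket.id}</td><td>${ticket.title}</td></tr>`;
}

// Hardened pattern: each untrusted field is encoded at the point of output.
function renderTicketRowSafe(ticket) {
  return `<tr><td>${escapeHtml(ticket.id)}</td><td>${escapeHtml(ticket.title)}</td></tr>`;
}

// Validation on ticket creation: a title is bounded plain text (assumed limit).
// Returns null when acceptable, otherwise the reason for rejection.
function validateTitle(title) {
  if (typeof title !== 'string') return 'title must be a string';
  const trimmed = title.trim();
  if (trimmed.length === 0) return 'title must not be empty';
  if (trimmed.length > 200) return 'title exceeds 200 characters';
  if (/[<>]/.test(trimmed)) return 'title must not contain markup characters';
  return null;
}

// Coarse triage heuristic for titles already stored before the fix: flags
// tag-like text or inline event-handler syntax so they can be reviewed.
function looksLikeMarkup(title) {
  return /<\s*[a-z!/]/i.test(title) || /\bon\w+\s*=/i.test(title);
}

// Constructed sample: one ordinary ticket and one carrying a script payload.
const sampleTickets = [
  { id: 1, title: 'Cannot access course videos' },
  { id: 2, title: '<img src=x onerror=alert(1)>' },
];
```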
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 3
News mentions: 0
No linked articles in our index yet.