Medium severity6.1NVD Advisory· Published Aug 21, 2024· Updated Jun 17, 2026
CVE-2024-41572
CVE-2024-41572
Description
Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.
Affected products
2- Learning with Texts/Learning with Textsdescription
- Range: =2.0.3
Patches
Vulnerability mechanics
References
1- medium.com/%40ChadSecurity/cve-2024-41572-68397fae354bnvdThird Party Advisory
News mentions
0No linked articles in our index yet.