Listen to this Post
This stored cross-site scripting (XSS) vulnerability in Classroomio LMS version 0.1.13 arises due to insufficient input sanitization and validation of user-uploaded SVG files used as profile pictures. Authenticated attackers can craft a malicious SVG image containing JavaScript code within elements such as `
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent may adversely affect certain features and functions.
We do not sell your personal data. If you wish to exercise your rights under applicable privacy laws, please visit our Do Not Sell My Personal Information page.