Classroomio LMS 0.1.13 Cross Site Scripting

Classroomio LMS version 0.1.13 was vulnerable to a Cross-Site Scripting Classroomio LMS version 0.1.13 was vulnerable to a Cross-Site Scripting (XSS) flaw.

This vulnerability arose from improper input validation and sanitization of user-supplied data. An attacker could inject malicious JavaScript code into various fields, such as user profiles or course descriptions, which were then displayed without proper encoding.

When another user viewed a page containing this unescaped input, the malicious script would execute within their browser. This could lead to session hijacking (stealing user cookies), defacement of the application, redirection to malicious sites, or unauthorized data access.

Users of Classroomio LMS 0.1.13 were at risk. The fix involves upgrading to a patched version that correctly sanitizes and encodes all user-generated content before rendering.

# CVE-2025-65676
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images. Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India.

**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**

## Vulnerability Details
Stored Cross Site Scripting

# Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, where the application fails to sanitize course cover image uploads. An authenticated attacker can upload a malicious SVG file containing embedded JavaScript, which is then stored and executed whenever the course cover image is viewed. Because the payload is executed from a trusted domain, this flaw can lead to session hijacking, account takeover, redirection attacks, or further exploitation within the platform.

## Steps to Reproduce

1. Log in and go to created course or create one

2. Click on landing page

3. Click on Header > replace image cover

3. Select the xss svg file and click on upload

4. Wait for it to save, refresh the page

<img width="1919" height="858" alt="image" src="https://github.com/user-attachments/assets/40c1eaee-439c-4cd8-9b7c-d2ea1b9d4ba9" />

6. Right click on the course cover image and open on a new tab

7. Note the stored xss being popped.

<img width="701" height="361" alt="image" src="https://github.com/user-attachments/assets/ef9b4d7d-627e-403b-9e45-6ae7417f7c11" />


# Acknowledgement

This vulnerability was discovered and responsibly reported by:

**Rivek Raj Tamang (RivuDon) from Sikkim, India**

https://www.linkedin.com/in/rivektamang/

https://rivudon.medium.com/


------------------------


# CVE-2025-65675
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures. Discovered by - Rivek Raj Tamang (RivuDon), Sikkim, India.

**Affected Product: ClassroomIO**
* Affected Version: 0.1.13
* **Discovered by: Rivek Raj Tamang (RivuDon), Sikkim, India**

## Vulnerability Details
Stored Cross Site Scripting

# Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in Classroomio LMS version 0.1.13, where the application fails to sanitize SVG profile image uploads. An authenticated attacker can upload a malicious SVG file containing embedded JavaScript, which is then stored and executed whenever the profile image is viewed. Because the payload is executed from a trusted domain, this flaw can lead to session hijacking, account takeover, redirection attacks, or further exploitation within the platform.

## Steps to Reproduce

1. Log in and go to profile settings

2. Click on upload image

3. Select the xss svg file and click on upload

4. Wait for it to save

<img width="1564" height="700" alt="image" src="https://github.com/user-attachments/assets/46dffab6-bc8c-45c4-ac4e-945f1aef01c4" />


6. Right click on the profile picture and open on a new tab

7. Note the stored xss being popped.

<img width="576" height="298" alt="image" src="https://github.com/user-attachments/assets/4dbcfecd-a565-4e9b-aba3-304f09246b17" />


# Acknowledgement

This vulnerability was discovered and responsibly reported by:

**Rivek Raj Tamang (RivuDon) from Sikkim, India**

https://www.linkedin.com/in/rivektamang/

https://rivudon.medium.com/