CVE-2023-53876
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-15

Last updated on: 2025-12-18

Assigner: VulnCheck

Description
Academy LMS 6.1 contains a file upload vulnerability that allows authenticated users to upload malicious SVG files with stored cross-site scripting payloads. Attackers can inject malicious scripts through the profile avatar upload feature by modifying file extensions and embedding executable JavaScript code.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-15
Last Modified
2025-12-18
Generated
2026-05-07
AI Q&A
2025-12-15
EPSS Evaluated
2026-05-05
NVD
CVE-2023-53876
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
creativeitem academy_lms 6.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2023-53876 is a file upload vulnerability in Academy LMS version 6.1 that allows authenticated users to upload malicious SVG files containing stored cross-site scripting (XSS) payloads. Attackers exploit this by modifying file extensions and embedding executable JavaScript code within the SVG files via the profile avatar upload feature. This enables the injection and execution of malicious scripts in the context of the affected application. [1, 2]


How can this vulnerability impact me? :

This vulnerability can lead to the execution of malicious scripts within the Academy LMS application, potentially compromising user sessions or allowing attackers to perform unauthorized actions on behalf of users. Since the malicious SVG files contain stored XSS payloads, attackers can inject scripts that execute when other users view the affected content, leading to data theft, session hijacking, or other malicious activities. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring file uploads to the profile avatar feature for SVG files containing embedded JavaScript code. Using a proxy tool like Burp Suite, intercept POST requests to the profile settings upload endpoint (e.g., https://website/dashboard/#/settings) and inspect uploaded files for suspicious SVG content with script tags or JavaScript payloads. Additionally, you can scan the upload directories (e.g., https://website/wp-content/uploads/) for SVG files and analyze their contents for embedded scripts. Commands to list SVG files on the server could include: `find /path/to/uploads -name '*.svg'` and to inspect suspicious files: `grep -i '<script' /path/to/uploads/*.svg` or `grep -i 'javascript:' /path/to/uploads/*.svg`. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting or disabling SVG file uploads in the profile avatar upload feature, implementing strict server-side validation and sanitization of uploaded files to reject files containing executable JavaScript code, and ensuring that uploaded files are served with appropriate Content Security Policy (CSP) headers to prevent script execution. Additionally, review and patch the Academy LMS installation to a version where this vulnerability is fixed or apply available security updates. Monitoring and logging upload activities for suspicious behavior is also recommended. [1, 2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart