Share
## https://sploitus.com/exploit?id=PACKETSTORM:178629
# Title: Rocket LMS 1.9 - Persistent Cross Site Scripting (XSS)  
# Date: 04/16/2024  
# Exploit Author: Sergio Medeiros  
# Vendor Homepage: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735  
# Software Link: https://lms.rocket-soft.org  
# Version: 1.9  
# Tested on Firefox and Chrome Browsers  
# Patched Version: Patch Pending  
# Category: Web Application  
# CVE: CVE-2024-34241  
# Exploit link: https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide  
# PoC:  
  
In order to exploit this systemic stored XSS vulnerability, identify theareas in the web application which has a WYSIWIG editor used, for example, the create/edit course description section.   
Input random text in the description section, and create the course while intercepting the request with BurpSuite or your preferred proxy of choice.  
  
In the *description* parameter or the associated parameter that is handling the user input related to the WYSIWIG editor, input the following payload and then issue the request:  
<details/open/ontoggle=prompt(origin)>