# CVE-2023-38964

## Introduction

I was searching for an LMS (Learning Management System), which is like a CMS (Content Management System) but designed specifically for managing courses. During my search I came across **Academy LMS 6.0**. I purchased this product and decided to test it for vulnerabilities before uploading my courses and deploying it on my site.

## Code Analysis

In **application > controllers > Home.php**, the search function starts on line 855, and lines **858 - 865** check its input for XSS payloads.

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FyAOwWL97Hek2q5nVFVhx%2FScreenshot%202023-08-03%20at%2019.33.49.png?alt=media&#x26;token=a4bf3482-6e9d-4cd8-94d0-3aac6294048f" alt=""><figcaption><p>Vulnerable Code</p></figcaption></figure>

This check only tests whether **$\_GET\['query']** contains the **"** character and the string **script**; nothing else is filtered or encoded.

## Attack

Intercepting the search request (the **query** parameter) with Burp:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FcAfkYQLHWENMIL5pJrmk%2FScreenshot%202023-08-03%20at%2019.50.54.png?alt=media&#x26;token=2c468fcf-1389-4abd-a614-cdc4e6e47ada" alt=""><figcaption><p>Request</p></figcaption></figure>

"**TESTT**" is reflected in the page source:

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FYLLlQzWaXh6VkVZvN0DH%2FScreenshot%202023-08-03%20at%2019.52.49.png?alt=media&#x26;token=a132b19e-fa61-49f7-acec-169e53aaa24c" alt=""><figcaption><p>Reflect on the page</p></figcaption></figure>

Two weaknesses combine to make the attack possible:

1. Weak input verification (a blocklist on **"** and **script** only)
2. The input is reflected unencoded on the page
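To show why a blocklist like this is not a defence, here is an added PHP example (my own code, not the Academy LMS source; the actual conditional on lines 858 - 865 is only visible in the screenshot, so the `weak_filter_allows()` reconstruction is an assumption that the request is rejected only when the query contains both **"** and **script**). It runs the write-up's own payload through the reconstructed check and then through context-correct output encoding, which is the fix the application needs instead of a blocklist:

```php
<?php
// Added example, not Academy LMS code. Reconstructs the kind of blocklist
// check the write-up describes next to a context-correct fix.

// Assumed shape of the weak check: the request is rejected only when the
// query contains a double quote AND the string "script". Anything else,
// including an attribute-escape followed by a non-script element, passes.
function weak_filter_allows(string $query): bool
{
    return !(str_contains($query, '"') && str_contains($query, 'script'));
}

// Hardened handling: do not try to enumerate bad input. Encode the value for
// the HTML context it is reflected into. ENT_QUOTES encodes both ' and ",
// which neutralises the attribute break-out the payload relies on.
function render_search_term(string $query): string
{
    return htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed inputs: the benign marker from the write-up and its payload.
// The '+' in the URL decodes to a space, which urldecode() reproduces.
$samples = [
    'TESTT',
    urldecode('"><svg+onload=alert(1)>'),
];

foreach ($samples as $q) {
    printf("input                      : %s\n", $q);
    printf("weak filter lets it through: %s\n", weak_filter_allows($q) ? 'yes' : 'no');
    printf("encoded for HTML output    : %s\n\n", render_search_term($q));
}
```

Running this prints that the weak filter accepts the payload because it contains no `script` substring, while `render_search_term()` turns it into `&quot;&gt;&lt;svg onload=alert(1)&gt;`, inert text that the browser displays rather than parses. The general rule this illustrates: validate input for what the feature needs (a search term), and always encode on output for the exact context (HTML body, attribute, JavaScript, URL) where the value lands.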

Now test the following payload:

```
"><svg+onload=alert(1)>
```

<figure><img src="https://418865174-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FFu6uaU65JuQBpnFAUDk8%2Fuploads%2FxybkpXAeInuoQu39YmVJ%2FScreenshot%202023-08-03%20at%2019.56.47.png?alt=media&#x26;token=672b31cf-624e-478e-b79a-b7f27d0b4a57" alt=""><figcaption><p>XSS Payload</p></figcaption></figure>
