Learnhouse
Monthly
Information disclosure in LearnHouse Image Handler component allows authenticated remote attackers to access sensitive data via the image handling functionality. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code documented. Due to LearnHouse's rolling-release model, specific patched version numbers are unavailable, and the vendor has not responded to disclosure attempts.
LearnHouse allows authenticated remote attackers to access unauthorized student assignment files through improper control of resource identifiers in the Student Assignment Submission Handler API endpoint, enabling information disclosure of sensitive academic materials. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code disclosed. EPSS exploitation probability is 0.04% (13th percentile), indicating low real-world exploitation likelihood despite public POC availability.
Stored cross-site scripting (XSS) in LearnHouse Account Setting Page allows authenticated users to inject malicious scripts via the /dash/org/settings/previews endpoint, affecting all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca. An attacker with valid credentials can craft a malicious request that, when viewed by another user (requiring user interaction), executes arbitrary JavaScript in their browser context with potential for data theft or session hijacking. Public exploit code exists, though exploitation requires both login credentials and victim interaction, limiting real-world impact despite the network-accessible vector.
LearnHouse allows authenticated remote users to upload arbitrary files via unrestricted manipulation of the thumbnail parameter in the Course Thumbnail Handler endpoint (/api/v1/courses/), enabling potential malicious file storage and execution. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code disclosed despite vendor non-response to early notification. While CVSS is low (2.1) and EPSS exploitation probability is minimal (0.06%), the presence of public exploits and authentication-only barrier warrants prioritization in environments where account compromise or insider risk is elevated.
Information disclosure in LearnHouse Image Handler component allows authenticated remote attackers to access sensitive data via the image handling functionality. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code documented. Due to LearnHouse's rolling-release model, specific patched version numbers are unavailable, and the vendor has not responded to disclosure attempts.
LearnHouse allows authenticated remote attackers to access unauthorized student assignment files through improper control of resource identifiers in the Student Assignment Submission Handler API endpoint, enabling information disclosure of sensitive academic materials. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code disclosed. EPSS exploitation probability is 0.04% (13th percentile), indicating low real-world exploitation likelihood despite public POC availability.
Stored cross-site scripting (XSS) in LearnHouse Account Setting Page allows authenticated users to inject malicious scripts via the /dash/org/settings/previews endpoint, affecting all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca. An attacker with valid credentials can craft a malicious request that, when viewed by another user (requiring user interaction), executes arbitrary JavaScript in their browser context with potential for data theft or session hijacking. Public exploit code exists, though exploitation requires both login credentials and victim interaction, limiting real-world impact despite the network-accessible vector.
LearnHouse allows authenticated remote users to upload arbitrary files via unrestricted manipulation of the thumbnail parameter in the Course Thumbnail Handler endpoint (/api/v1/courses/), enabling potential malicious file storage and execution. The vulnerability affects all versions up to commit 98dfad76aad70711a8113f6c1fdabfccf10509ca, with publicly available exploit code disclosed despite vendor non-response to early notification. While CVSS is low (2.1) and EPSS exploitation probability is minimal (0.06%), the presence of public exploits and authentication-only barrier warrants prioritization in environments where account compromise or insider risk is elevated.