After a course is created, it is possible to add a text input field to the resources database, where "Field name" and "Field description" are vulnerable to Stored Cross-Site Scripting (XSS).
Proof of Concept (POC)
To exploit the vulnerability, a user must access the course and click the "Search" option.
The affected fields are "Field name" and "Field description", both text inputs.
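The pattern described above, as an added example that is not code from the affected application: a field's name and description are stored as typed and later written into the Search view, so encoding each value at output time keeps it from being parsed as markup. The row template, function names and sample values are assumptions constructed for the illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: field definitions as stored after a course editor saved
# them. The second entry carries markup in both affected fields.
STORED_FIELDS = [
    {"name": "Title", "description": "Book title"},
    {"name": "<img src=x onerror=alert(1)>",
     "description": '"><script>alert(1)</script>'},
]

ROW = '<label title="%s">%s</label><input type="text">'  # assumed template

def render_search_unsafe(fields):
    """'Before': stored values are concatenated into the Search view as-is."""
    rows = [ROW % (f["description"], f["name"]) for f in fields]
    return "<form>" + "".join(rows) + "</form>"

def render_search_safe(fields):
    """'After': each stored value is HTML-encoded at output time."""
    rows = [ROW % (html.escape(f["description"], quote=True),
                   html.escape(f["name"], quote=True)) for f in fields]
    return "<form>" + "".join(rows) + "</form>"

class TemplateAudit(HTMLParser):
    """Records any tag or attribute the template itself never emits."""
    ALLOWED = {"form": set(), "label": {"title"}, "input": {"type"}}

    def __init__(self):
        super().__init__()
        self.unexpected = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.ALLOWED:
            self.unexpected.append(tag)
        else:
            self.unexpected += [k for k, _ in attrs if k not in self.ALLOWED[tag]]

def unexpected_markup(page):
    """Regression check: list markup in a rendered page that came from data."""
    audit = TemplateAudit()
    audit.feed(page)
    audit.close()
    return audit.unexpected

if __name__ == "__main__":
    print("unsafe:", unexpected_markup(render_search_unsafe(STORED_FIELDS)))
    print("safe:  ", unexpected_markup(render_search_safe(STORED_FIELDS)))
```

The audit function can run as a regression test against any view that renders stored field metadata, so a template change that drops the encoding is caught before release.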
Type: Cross-Site Scripting
OWASP TOP 10: A03:2021-Injection
Thiago Martins, Leandro Inacio, Matheus Oliveira and Lucas Gomes