{"vulnerability": "ghsa-38jp-hqg7-hhj2", "sightings": [{"uuid": "bfaceb7f-7014-4a62-965c-4a8393e257dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-38JP-HQG7-HHJ2", "type": "seen", "source": "https://t.me/arpsyndicate/801", "content": "#ExploitObserverAlert\n\nGHSA-38jp-hqg7-hhj2\n\nDESCRIPTION: Exploit Observer has 1 entries related to GHSA-38JP-HQG7-HHJ2. A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to the lack of proper sanitisation of the 'localidad' field on the /users/editmy page.\n\nGHSS: 5.4", "creation_timestamp": "2023-11-30T08:27:33.000000Z"}]}