A flaw has been found in CodeCanyon Mentor LMS up to version 1.1.1. This vulnerability pertains to an unknown functionality of the component API, allowing manipulation that can lead to a permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and could be used. The vendor was contacted early about this disclosure but did not respond.
CVE-2025-11304
🟡 Medium
CVE-2025-11304: Vulnerability in CodeCanyon Mentor LMS
A flaw in CodeCanyon Mentor LMS up to version 1.1.1 allows for manipulation leading to a permissive cross-domain policy. The exploit is published and may be exploited remotely.
CVE ID
CVE-2025-11304
CVSS Score
6.3
Vendor
unknown
Published
Oct 05
Vulnerability Details
- CVE ID
- CVE-2025-11304
- Severity
- Medium
- CVSS v3 Score
- 6.3 / 10.0
- Affected Vendor
- unknown
- Publication Date
- October 05, 2025
External Resources
Need Help?
Protect your infrastructure with our comprehensive security scanning tools.
Explore Security Scanners