{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/780141#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nLectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older contained a cross-site scripting (XSS) vulnerability in courses published with Seamless Play Publish (SPP) enabled *and* Web Accessibility disabled. The vulnerability was initially patched in Lectora Desktop version 21.4 (October 25, 2022), but users must republish existing courses to apply the patch. This important republishing instruction was missing from the Desktop edition release notes, but it was included in the release notes for the recently patched Lectora Online (July 20, 2025). The CERT® Coordination Center is publishing this vulnerability note to amplify awareness, as the Lectora user base includes high-profile clients such as government agencies and large enterprises.\r\n### Description\r\nLectora, made by ELB Learning, is a platform for creating and publishing interactive e-learning courses. Lectora Inspire and Lectora Publisher are desktop versions of the software, and Lectora Online is a cloud-based version.\r\n#### Affected Versions\r\n- Lectora Inspire and Lectora Publisher desktop editions versions 21.0–21.3\r\n- Lectora Online versions 7.1.6 and older\r\n\r\n### Impact\r\nContent published with Seamless Play Publish (SPP) enabled *and* Web Accessibility settings disabled in the affected versions can allow JavaScript injection via crafted URL parameters. Exploitation under this scenario could result in client-side script execution in the context of the published course (e.g., an alert or a redirect), which poses a risk of session hijacking or user redirection.\r\n### Solution\r\nThe vulnerability is patched in Lectora Desktop (Publisher and Inspire version 21.4, released October 25, 2022) and Lectora Online (version 7.1.7, deployed July 20, 2025). 
To fully implement the solution:\r\n\r\n-   **For Lectora Desktop customers:** Download the version 21.4 patch or a later update from portal.elblearning.com. You must then republish any courses that were created using older software versions.\r\n-   **For Lectora Online customers:** The update to version 7.1.7 was automatically applied on July 20, 2025. You must republish any courses that were created using older software versions.\r\n\r\n### Acknowledgements\r\nThanks to Mohammad Jassim for reporting this vulnerability. This document was written by Laurie Tyzenhaus.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK.","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL, if provided by the vendor, for more details.","title":"Limitations of Advisory"},{"category":"other","text":"# Cross-site scripting vulnerability in Lectora course navigation\r\n\r\nELB Learning has remediated an issue that, under certain circumstances, could have allowed an attacker to execute arbitrary JavaScript in the context of a user's session by injecting it via a parameter in published Lectora content.\r\n\r\n**Impacted products**: Lectora Desktop 21 (prior to version 21.4) and Lectora Online (prior to version 7.1.7, released July 20, 2025).  
If web accessibility is set in project options or if the course is published with Seamless Play Publish (SPP) disabled, the course is not impacted by this vulnerability.\r\n\r\n**CVSS 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)**\r\n\r\nThanks to Mohammad Jassim for reporting this vulnerability.","title":"Vendor statement from ELB Learning"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/780141"},{"url":"https://knowledgebase.elblearning.com/statement-from-elb-learning-regarding-limited-scope-javascript-injection","summary":"Statement from ELB Learning regarding limited-scope JavaScript injection"},{"url":"https://cwe.mitre.org/data/definitions/79.html","summary":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); reference from vendor \"ELB Learning\""}],"title":"Cross-site scripting vulnerability in Lectora course navigation","tracking":{"current_release_date":"2025-09-22T14:44:03+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#780141","initial_release_date":"2025-09-22 14:44:03.104216+00:00","revision_history":[{"date":"2025-09-22T14:44:03+00:00","number":"1.20250922144403.1","summary":"Released on 2025-09-22T14:44:03+00:00"}],"status":"final","version":"1.20250922144403.1"}},"vulnerabilities":[{"title":"Cross-site scripting vulnerability in Lectora course navigation.","notes":[{"category":"summary","text":"Cross-site scripting vulnerability in Lectora course navigation.\r\nELB Learning has remediated an issue that, under certain circumstances, could have allowed an attacker to execute arbitrary JavaScript in the 
context of a user's session by injecting it via a parameter in published Lectora content.\r\n\r\nDesktop version: upgrade to version 21.4 and republish courses created with older versions.\r\nOnline version: the upgrade has already been applied; republish courses created prior to July 20, 2025."}],"cve":"CVE-2025-9125","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#780141"}],"product_status":{"known_affected":["CSAFPID-7b042860-3683-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"ELB Learning","product":{"name":"ELB Learning Products","product_id":"CSAFPID-7b042860-3683-11f1-8422-122e2785dc9f"}}]}}
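The Impact section of the note describes JavaScript injection through a crafted URL parameter in course navigation, with an alert or a redirect as the visible symptom. The following is an added example, not Lectora's or ELB Learning's code and not derived from the patched product: it shows the general CWE-79 shape of such a bug (a navigation script that trusts a query parameter) next to a hardened version that allowlists and escapes. The `page` and `returnTo` parameter names, the page ids, the markup and the sample URLs are assumptions made for illustration; only the vulnerability class comes from the advisory.

```javascript
// Added example, not Lectora's or ELB Learning's code. Shows the CWE-79 pattern the
// advisory describes (a course-navigation script that trusts a URL query parameter)
// beside a hardened version. The "page"/"returnTo" parameter names, the page ids
// and the HTML shape are hypothetical; only the bug class comes from the advisory.

// Hypothetical allowlist: the page ids a published course actually contains.
const KNOWN_PAGES = new Set(["intro", "lesson1", "lesson2", "quiz"]);

// Read one query parameter from a course URL (URL is a Node/browser global).
// Returns null when the parameter is absent; percent-encoding is decoded, so
// an attacker's "<" and ">" come back as literal characters.
function getParam(href, name) {
  return new URL(href).searchParams.get(name);
}

// Vulnerable pattern: the decoded parameter is spliced straight into markup
// that a page script would then assign to innerHTML. Anything placed in the
// URL lands in the document unchanged, so an <img onerror=...> probe executes.
function renderNavVulnerable(page) {
  return `<div id="nav">Now viewing: ${page}</div>`;
}

// Escape the characters that can change HTML parsing context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: validate the value against the allowlist first, then escape
// whatever is rendered. Unknown ids fall back to a fixed default instead of
// being reflected, so the attacker controls nothing that reaches the output.
function renderNavHardened(page) {
  const target = KNOWN_PAGES.has(page) ? page : "intro";
  return `<div id="nav">Now viewing: ${escapeHtml(target)}</div>`;
}

// Redirect variant of the same bug class: a "returnTo" value copied into
// location.href would accept "javascript:" URLs or off-site hosts. Hardened:
// only a bare relative page name inside the course is accepted.
function safeReturnTarget(value) {
  return /^[A-Za-z0-9_-]+\.html$/.test(value || "") ? value : "index.html";
}

// Constructed sample URLs: a normal navigation and one carrying a classic
// XSS probe of the kind "crafted URL parameters" refers to.
const SAMPLE_URLS = [
  "https://course.example/index.html?page=lesson2",
  "https://course.example/index.html?page=<img src=x onerror=alert(1)>",
];

// Render both variants for each sample so the difference is visible.
function compare(urls = SAMPLE_URLS) {
  return urls.map((url) => {
    const page = getParam(url, "page");
    return {
      url,
      vulnerable: renderNavVulnerable(page),
      hardened: renderNavHardened(page),
    };
  });
}

if (typeof require !== "undefined" && require.main === module) {
  for (const row of compare()) console.log(row);
}
```

Running the block prints the two renderings side by side: the vulnerable one carries the `onerror` handler into the markup, the hardened one degrades the unknown value to the default page. The same allowlist-then-escape discipline is what a republished course needs from its navigation script, which is why the advisory insists on republishing after the upgrade rather than only installing it.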