CVE-2025-11304— CodeCanyon/ui-lib Mentor LMS API cross-domain policy
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-11304
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CodeCanyon/ui-lib Mentor LMS API cross-domain policy
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
过度许可的跨域白名单
Source: NVD (National Vulnerability Database)
Vulnerability Title
CodeCanyon Mentor LMS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
CodeCanyon Mentor LMS是CodeCanyon公司的一个学习管理系统。 CodeCanyon Mentor LMS 1.1.1及之前版本存在安全漏洞,该漏洞源于API组件存在未知功能,可能导致跨域策略过于宽松。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| CodeCanyon | Mentor LMS | 1.1.0 | - | |
| ui-lib | Mentor LMS | 1.1.0 | - |
II. Public POCs for CVE-2025-11304
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-11304
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: CodeCanyon
- CVE-2026-7783
CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.p - CVE-2026-7782
CodeCanyon Perfex CRM Tenant Clients.php project authorizati - CVE-2025-7898
Codecanyon iDentSoft Account Setting Page updateSetting unre - CVE-2025-3855
CodeCanyon RISE Ultimate Project Manager Profile Picture sav - CVE-2025-3219
CodeCanyon Perfex CRM Project Discussions Module 2 cross sit
Same weakness: CWE-942
- CVE-2026-7643
ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain po - CVE-2026-7581
alexta69 MeTube CORS Policy main.py on_prepare cross-domain - CVE-2026-41056
AVideos has CORS Origin Reflection with Credentials on Sensi - CVE-2026-6662
ericc-ch copilot-api Token Endpoint server.ts cors cross-dom - CVE-2026-6143
farion1231 cc-switch ProxyServer server.rs cross-domain poli
V. Comments for CVE-2025-11304
No comments yet