A cross-site scripting (XSS) vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications.
https://grumpz.net/cve-2024-34241-a-step-by-step-discovery-guide