SECURING MVC-BASED LMS PLATFORMS: ADDRESSING AUTHENTICATION, XSS, AND INJECTION VULNERABILITIES

Nuhi, Asri and Ajruli, Neshat and Idrizi, Florim and Imeri, Florinda and Memeti, Agon (2025) SECURING MVC-BASED LMS PLATFORMS: ADDRESSING AUTHENTICATION, XSS, AND INJECTION VULNERABILITIES. Journal of Natural Sciences and Mathematics of UT, 10 (19-20). pp. 312-321. ISSN 2671-3039

[img] Text
FSHMN2025-312-321.pdf
Download (447kB)
Official URL: https://journals.unite.edu.mk/Home?JId=19

Abstract

This article presents the most critical security weaknesses of Learning Management Systems (LMS) based on Model-View-Controller (MVC) architecture and a study case from the LMS at University of Tetova. Right down to the weaknesses in authentication and authorization systems (for example, weak passwords or lack of access controls). Furthermore, the study addresses the issue of Cross-Site Scripting (XSS) based, focal and reflected XSS - and how SQL injection threats also impact database security. What makes our work original is of course the case based and pragmatic approach where we dissect real world vulnerabilities in gap analysis and then recommend particular countermeasures (e.g., role base authorization, parameterized query execution). Based on the results, recommendations for LMS security and the confidentiality of educational data are provided.

Item Type: Article
Subjects: Q Science > Q Science (General)
Divisions: Faculty of Engineering, Science and Mathematics > School of Engineering Sciences
Depositing User: Unnamed user with email zshi@unite.edu.mk
Date Deposited: 28 Oct 2025 11:04
Last Modified: 28 Oct 2025 11:04
URI: http://eprints.unite.edu.mk/id/eprint/2119

Actions (login required)

View Item View Item
Universiteti i Tetoves is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.