Subject: Q Science (General)
Year: 2025
Type: Article
Type: NonPeerReviewed
Title: SECURING MVC-BASED LMS PLATFORMS: ADDRESSING AUTHENTICATION, XSS, AND INJECTION VULNERABILITIES
Author: Nuhi, Asri
Author: Ajruli, Neshat
Author: Idrizi, Florim
Author: Imeri, Florinda
Author: Memeti, Agon
Abstract: This article presents the most critical security weaknesses of Learning Management Systems (LMS) based on Model-View-Controller (MVC) architecture and a study case from the LMS at University of Tetova. Right down to the weaknesses in authentication and authorization systems (for example, weak passwords or lack of access controls). Furthermore, the study addresses the issue of Cross-Site Scripting (XSS) based, focal and reflected XSS - and how SQL injection threats also impact database security. What makes our work original is of course the case based and pragmatic approach where we dissect real world vulnerabilities in gap analysis and then recommend particular countermeasures (e.g., role base authorization, parameterized query execution). Based on the results, recommendations for LMS security and the confidentiality of educational data are provided.
Publisher: Faculty of Natural Sciences and Mathematics, Republic of North Macedonia
Relation: https://eprints.unite.edu.mk/2119/
Identifier: oai:eprints.unite.edu.mk:2119
Identifier: https://eprints.unite.edu.mk/2119/1/FSHMN2025-312-321.pdfIdentifier: Nuhi, Asri and Ajruli, Neshat and Idrizi, Florim and Imeri, Florinda and Memeti, Agon (2025) SECURING MVC-BASED LMS PLATFORMS: ADDRESSING AUTHENTICATION, XSS, AND INJECTION VULNERABILITIES. Journal of Natural Sciences and Mathematics of UT, 10 (19-20). pp. 312-321. ISSN 2671-3039
