
21 matches found

Positive Technologies
added 2023/11/28 12:0 a.m. · 2 views

PT-2023-25218 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.20
Description: The issue is related to improper sanitisation in the main/inc/lib/fileUpload.lib.php file, which allows unauthenticated attackers to bypass file upload security protections. This can lead to...

CVSS 9.8 · AI score 10 · EPSS 0.02987
Exploits: 1 · References: 5

CNNVD
added 2023/11/28 12:0 a.m. · 1 views

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.20 and earlier versions,...

CVSS 9.8 · AI score 6.8 · EPSS 0.02987
Exploits: 1 · References: 3

Positive Technologies
added 2023/11/28 12:0 a.m. · 1 views

PT-2023-25204 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.20
Description: The issue concerns a path traversal vulnerability in the file upload functionality, specifically in the /main/webservices/additional_webservices.php endpoint. This allows unauthenticated...

CVSS 9.8 · AI score 9.6 · EPSS 0.04611
Exploits: 2 · References: 5

CNNVD
added 2023/11/28 12:0 a.m. · 2 views

Chamilo LMS Security Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS v1.11.20 and earlier versions,...

CVSS 9.8 · AI score 7.3 · EPSS 0.88954
Exploits: 1 · References: 4

ATTACKERKB
added 2023/08/21 5:15 p.m. · 2 views

CVE-2023-39061

Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code...

CVSS 3.5 · AI score 6.1 · EPSS 0.00712
Exploits: 0 · References: 3

OpenVAS
added 2023/08/03 12:0 a.m. · 26 views

Chamilo LMS 1.11.x < 1.11.20 Multiple Vulnerabilities

Chamilo LMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:chamilo:chamilolms"; if...

CVSS 9.8 · AI score 6.9 · EPSS 0.93989
Exploits: 9 · References: 9

NVD
added 2023/07/07 5:15 p.m. · 7 views

CVE-2023-37066

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel...

CVSS 4.8 · AI score 4.9 · EPSS 0.00538
Exploits: 0 · References: 2

OSV
added 2023/07/07 5:15 p.m. · 12 views

CVE-2023-37063

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section...

CVSS 4.8 · AI score 6.1
Exploits: 0 · References: 2

Positive Technologies
added 2023/07/07 12:0 a.m. · 2 views

PT-2023-25776 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x up to 1.11.20
Description: The issue allows users with admin privilege accounts to insert XSS in the careers and promotions management section. This can potentially lead to malicious script execution.
Recommendations:...

CVSS 4.8 · AI score 4.9 · EPSS 0.00538
Exploits: 0 · References: 6

CNNVD
added 2023/07/07 12:0 a.m. · 1 views

Chamilo Cross-Site Scripting Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo version 1.11.x through versions...

CVSS 4.8 · AI score 4.9 · EPSS 0.00538
Exploits: 0 · References: 3

CNNVD
added 2023/07/07 12:0 a.m. · 1 views

Chamilo Cross-Site Scripting Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question and answer sessions. A cross-site scripting vulnerability exists in Chamilo versions 1.11.x through...

CVSS 4.8 · AI score 4.9 · EPSS 0.00538
Exploits: 0 · References: 3

CVE
added 2023/07/07 12:0 a.m. · 40 views

CVE-2023-37064

CVE-2023-37064 affects Chamilo 1.11.x up to 1.11.20. The vulnerability allows users with an administrator privilege account to insert cross-site scripting (XSS) in the extra fields management section, due to improper handling in that area. The documents do not specify a patched version or remedia...

CVSS 4.8 · AI score 5.2 · EPSS 0.00538
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2023/07/07 12:0 a.m. · 1 views

PT-2023-25779 · Chamilo · Chamilo

Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x up to 1.11.20
Description: The issue allows users with admin privilege accounts to insert XSS in the skills wheel. This can be exploited by users with administrative privileges.
Recommendations: For Chamilo versions...

CVSS 4.8 · AI score 4.8 · EPSS 0.00538
Exploits: 0 · References: 6

CNNVD
added 2023/07/07 12:0 a.m. · 0 views

Chamilo Cross-Site Scripting Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question answering. A security vulnerability exists in Chamilo versions prior to 1.11.20, which stems from ...

CVSS 4.8 · AI score 5 · EPSS 0.00538
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 6:18 a.m. · 1 views

SUSE CVE-2005-0753

Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code...

CVSS 7.5 · AI score 7.9 · EPSS 0.05354
Exploits: 0 · References: 5

Positive Technologies
added 2022/12/28 12:0 a.m. · 1 views

PT-2022-24819 · WordPress · Broken Link Checker

Name of the Vulnerable Software and Affected Versions: Broken Link Checker WordPress plugin versions prior to 1.11.20
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for...

CVSS 4.8 · AI score 6 · EPSS 0.00326
Exploits: 2 · References: 7

CNNVD
added 2022/12/28 12:0 a.m. · 0 views

WordPress plugin Broken Link Checker Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 4.8 · AI score 4.9 · EPSS 0.00326
Exploits: 2 · References: 2

OSV
added 2019/06/04 3:42 p.m. · 13 views

GHSA-XGGX-FX6W-V7CH Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 5.3 · AI score 5.4 · EPSS 0.00243
Exploits: 0 · References: 2

Github Security Blog
added 2019/06/04 3:42 p.m. · 34 views

Improper Neutralization of Wildcards or Matching Symbols

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 5.3 · AI score 3.8 · EPSS 0.00243
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2019/06/03 2:29 p.m. · 14 views

Design/Logic Flaw

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted...

CVSS 5 · AI score 5.4 · EPSS 0.00243
Exploits: 0 · References: 1 · Affected Software: 1