67 matches found
CVE-2025-52564 Chamilo: HTML injection via open parameter
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-2025-52564
Chamilo LMS before 1.11.30 is affected by an HTML injection vulnerability in the open parameter of help.php, allowing a crafted URL to inject arbitrary HTML. The underlying issue is insufficient sanitization of user input. The flaw has been fixed in version 1.11.30. Affected product: Chamilo LMS;...
PT-2026-22621
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-1999-0716
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file...
EUVD-2022-52785
Malicious code in bioql PyPI...
EUVD-1999-0697
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-1010305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmdreadheaders in libmspackfile...
Linux Distros Unpatched Vulnerability : CVE-2015-4469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The chmdreadheaders function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service buffer...
Linux Distros Unpatched Vulnerability : CVE-2015-4467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The chmdinitdecomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of...
CVE-2019-9896
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...
CVE-2022-31200
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field...
SUSE CVE-2007-0619
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption...
SUSE CVE-2015-4469
The chmdreadheaders function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted CHM file...
SUSE CVE-2019-9896
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable...
A vulnerability in the ClamAV antivirus software library and the Cisco AMP endpoint security tool allows an attacker to cause a denial of service.
The vulnerability in the ClamAV antivirus software library and the Cisco AMP endpoint anti-malware tool stems from resource management errors during CHM file parsing. Exploiting this vulnerability can allow a remote attacker to cause service...
CTparental Cross-Site Scripting Vulnerability
CTparental is a tool for filtering web content. Inappropriate content can be filtered using blacklists or whitelists, and time spent browsing the Internet and time spent active on controlled devices can be limited. CTparental suffers from a cross-site scripting vulnerability that originates in...
CVE-2021-28207
The Get Help file function in the Web management page of ASUS BMC's firmware does not filter a specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files...
Gurbalib Path Traversal Vulnerability
Gurbalib is a lpmud mudlib game library for DGD drivers from the American software developer Kent Mein. A path traversal vulnerability exists in the lib/cmds/player/help.c file in Gurbalib versions 2020-04-30 and earlier. An attacker can exploit this vulnerability to read the management path...
CVE-2020-12649
Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths...