7039 matches found
CVE-2025-55289
Chamilo LMS has a stored XSS vulnerability in the social network and internal messaging features present in versions prior to 1.11.34. The issue allows an attacker to inject arbitrary JavaScript that executes in the browser of an authenticated user (including administrators) when viewing the inje...
Chamilo 代码问题漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained code vulnerabilities. These vulnerabilities stemmed from improper validation of uploaded files, which could allow low-privilege users who are authenticated to upload specially...
PT-2026-23634
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo LMS is susceptible to an authenticated remote code execution issue stemming from insufficient validation of uploaded files. The application depends on MIME-type verification for file upload...
PT-2026-23631
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo is a learning management system with a stored cross-site scripting XSS issue. The issue exists in the platform’s social network and internal messaging features. An attacker can inject...
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files
Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...
CVE-2025-55208
Summary: CVE-2025-55208 affects Chamilo LMS prior to 1.11.34. A Stored XSS via insecure file uploads in the Social Networks feature allows a low-privilege user to execute arbitrary code in the admin inbox, enabling admin account takeover. The issue is fixed in version 1.11.34. The provided metric...
CVE-2025-55208 Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files
Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it, a low-privilege user can execute arbitrary code in the admin user inbox, allowing takeover of the admin account. Version 1.11.34 fixes the issue...
EUVD-2026-9766
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...
CVE-2026-28113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...
CVE-2026-27983
Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...
CVE-2026-28113 WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...
CVE-2026-28113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...
CVE-2026-28113 WordPress Ultimate Learning Pro plugin <= 3.9.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...
CVE-2026-28113
CVE-2026-28113 is a Reflected Cross‑Site Scripting (XSS) vulnerability affecting the WordPress plugin Ultimate Learning Pro (indeed-learning-pro) up to version 3.9.1 . Connected sources (NVD, Red Hat advisory, CVE listings, Patchstack, PatchSTACK, Attackers/Wordfence notes) consistently describe ...
CVE-2026-27983
CVE-2026-27983 is an unauthenticated privilege-escalation vulnerability in the WordPress plugin LMS Elementor Pro (
WordPress plugin Ultimate Learning Pro 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-23386
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...
PT-2026-23273
Name of the Vulnerable Software and Affected Versions LMS Elementor Pro versions through 1.0.4 Description A privilege assignment issue exists in LMS Elementor Pro that could allow for privilege escalation. The issue allows an attacker to gain elevated privileges within the system. Recommendation...
PT-2026-23510
Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34 Description Chamilo, a learning management system, contains a Stored Cross-Site Scripting XSS issue stemming from insecure file uploads within the Social Networks feature. A user with limited privileges can...
Deep Learning-Driven Friendly Jamming for Secure Multicarrier ISAC under Channel Uncertainty
Integrated sensing and communication ISAC systems promise efficient spectrum utilization by jointly supporting radar sensing and wireless communication. This paper presents a deep learning-driven framework for enhancing physical-layer security in multicarrier ISAC systems under imperfect channel...