24 matches found
CVE-2026-34160
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...
CVE-2026-34160
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...
CVE-2026-34160
Chamilo LMS prior to 2.0.0-RC.3 is affected. The PENS plugin endpoint at public/plugin/Pens/pens.php allows unauthenticated access and accepts a user-controlled package-url that is fetched via curl without filtering private/internal IPs, enabling unauthenticated SSRF. Impact includes probing inte...
CVE-2026-34160
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...
CVE-2026-34160 Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...
CVE-2026-34160 Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...
EUVD-2026-22712
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...
Chamilo LMS code issue vulnerability
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained code vulnerabilities. These vulnerabilities stemmed from...
EUVD-2024-44869
Malicious code in bioql PyPI...
EUVD-2024-36916
Malicious code in bioql PyPI...
CVE-2024-50440
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode codepen-embedded-pen-shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through <= 1.0.2...
CVE-2024-37960
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0...
CVE-2024-50440
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.2...
CVE-2024-50440
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode codepen-embedded-pen-shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through <= 1.0.2...
CVE-2024-50440 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode codepen-embedded-pen-shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through <= 1.0.2...
CVE-2024-50440
CVE-2024-50440 describes a stored XSS vulnerability in the WordPress plugin CodePen Embedded Pens Shortcode (versions
WordPress plugin CodePen Embedded Pens Shortcode cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...
WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin CodePen Embedded Pens Shortcode (versions <= 1.0.2)...
WordPress CodePen Embedded Pens Shortcode Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software: CodePen Embedded Pens Shortcode; Type: Plugin; Vulnerable versions: <= 1.0.2; Fixed in: 1.0.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-50440; Patch priority: Low; CVSS severity: Low (6.5); PSID: ea887c573a3b; Credits: theviper17; Required...
CVE-2024-37960 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chris Coyier CodePen Embedded Pens Shortcode allows Stored XSS. This issue affects CodePen Embedded Pens Shortcode: from n/a through 1.0.0...