30 matches found
CVE-2026-4053
Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, and pin status after the edit window has expired via the post patch and update API endpoints...
CVE-2026-34161
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
CVE-2026-34161
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
EUVD-2026-22714
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
CVE-2026-34161
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
CVE-2026-34161
Technical details are not publicly available in the provided connected documents. Monitor for updates from Chamilo LMS advisory and subsequent CVE details.
CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
PT-2026-32917
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting XSS vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...
Chamilo LMS 跨站脚本漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained a cross-site scripting vulnerability. This vulnerability...
GHSA-9PJ7-JH2R-87G8 Mattermost doesn't validate user permissions when creating Jira issues from Mattermost posts
Mattermost versions 11.1.x = 11.1.2, 10.11.x = 10.11.9, 11.2.x = 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have acce...
CVE-2026-22892
Mattermost versions 11.1.x up to 11.1.2, 10.11.x up to 10.11.9, and 11.2.x up to 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts. An authenticated attacker with access to the Jira plugin can read post content and attachments from channels they do not have ...
CVE-2025-13767
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
EUVD-2025-205063
Mattermost versions 11.1.x = 11.1.0, 11.0.x = 11.0.5, 10.12.x = 10.12.3, 10.11.x = 10.11.7 fails to validate user channel membership when attaching Mattermost posts as comments to Jira issues, which allows an authenticated attacker with access to the Jira plugin to read post content and attachmen...
PT-2025-52872
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.11.x through 10.11.7 Mattermost versions 10.12.x through 10.12.3 Mattermost versions 11.0.x through 11.0.5 Mattermost versions 11.1.x through 11.1.0 Description The software does not properly validate user channel...
CVE-2025-11701
CVE-2025-11701 refers to the WordPress plugin Zip Attachments (versions
EUVD-2025-0107
Malicious code in bioql PyPI...
CVE-2022-43708
MyBB 1.8.31 has a issue 2 of 2 cross-site scripting XSS vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name...
SUSE CVE-2025-21088
Mattermost versions 10.2.x = 10.2.0, 9.11.x = 9.11.5, 10.0.x = 10.0.3, 10.1.x = 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input...
BIT-MYBB-2022-43708
MyBB 1.8.31 has a issue 2 of 2 cross-site scripting XSS vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name...
CVE-2022-43708
MyBB 1.8.31 has a issue 2 of 2 cross-site scripting XSS vulnerabilities in the post Attachments interface allow attackers to inject HTML by persuading the user to upload a file with specially crafted name...