Design/Logic Flaw
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section...
Design/Logic Flaw
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the classes/usergroups management section...
Design/Logic Flaw
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the course categories' definition...
Design/Logic Flaw
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the extra fields management section...
Design/Logic Flaw
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the skills wheel...
CVE-2023-37064
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the extra fields management section...
CVE-2023-37066
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the skills wheel...
CVE-2023-37061
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section...
CVE-2023-37064
CVE-2023-37064 affects Chamilo 1.11.x up to 1.11.20. The vulnerability allows users with an administrator privilege account to insert cross-site scripting (XSS) in the extra fields management section, due to improper handling in that area. The documents do not specify a patched version or remedia...
CVE-2023-37061
Chamilo LMS (1.11.x up to 1.11.20) is vulnerable to a cross-site scripting (XSS) issue in the languages management section that can be triggered by users with an admin privilege account. The vulnerability is documented across multiple sources, but concrete fixes or patched versions are not consis...
CVE-2023-37067
CVE-2023-37067 affects Chamilo LMS 1.11.x up to 1.11.20. The vulnerability allows an admin-privileged user to inject cross-site scripting (XSS) in the classes/usergroups management section. The public-facing materials describe the issue as an admin-level XSS risk, but explicit exploit details, af...
PT-2023-25774 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x up to 1.11.20. Description: The issue allows users with an admin privilege account to insert XSS in the languages management section. Recommendations: For versions 1.11.x up to 1.11.20, as a temporary workaround, consid...
CVE-2023-37063
Chamilo LMS CVE-2023-37063 affects Chamilo 1.11.x up to 1.11.20. The vulnerability arises in the careers & promotions management section where an account with admin privileges can inject cross-site scripting (XSS). Impact is described as enabling script execution in that context; no specific expl...
PT-2023-25779 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x up to 1.11.20. Description: The issue allows users with admin privilege accounts to insert XSS in the skills wheel. This can be exploited by users with administrative privileges. Recommendations: For Chamilo versions...
CVE-2023-37066
CVE-2023-37066 affects Chamilo 1.11.x up to 1.11.20. The vulnerability allows users with an administrator privilege account to insert cross-site scripting (XSS) in the skills wheel. Public documentation notes this is a high-privilege issue with user interaction required, but explicit exploitation...
CVE-2023-37061
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section...
Chamilo cross-site scripting vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question and answer sessions. A cross-site scripting vulnerability exists in Chamilo versions 1.11.x through...
CVE-2023-37066
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the skills wheel...
CVE-2023-37065
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the session category management section...
CVE-2023-2333
The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7 and the gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users...