2475 matches found

Cvelist
added 2026/03/02 3:49 p.m., 27 views

CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

CVSS 5.1, EPSS 0.00187
Exploits 0, References 3
Vulnrichment
added 2026/03/02 3:49 p.m., 3 views

CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

CVSS 5.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 3
EUVD
added 2026/03/02 3:49 p.m., 2 views

EUVD-2025-208176

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

CVSS 5.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 3
CVE
added 2026/03/02 3:49 p.m., 6 views

CVE-2025-52475

CVE-2025-52475 affects Chamilo LMS before 1.11.30. A reflected XSS exists in the admin/user_list.php endpoint where the keyword_inactive parameter is not properly sanitized, allowing an attacker to inject JavaScript via a crafted URL. The issue is patched in version 1.11.30. No exploitation detai...

CVSS 6.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 3, Affected Software 1
ATTACKERKB
added 2026/03/02 3:49 p.m., 2 views

CVE-2025-52475

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

CVSS 6.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 4, Affected Software 1
OSV
added 2026/03/02 3:49 p.m., 4 views

CVE-2025-52475 Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. This...

CVSS 5.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 5
EUVD
added 2026/03/02 3:49 p.m., 3 views

EUVD-2025-208177

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30...

CVSS 5.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 3
ATTACKERKB
added 2026/03/02 3:49 p.m., 2 views

CVE-2025-52476

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30...

CVSS 6.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 4, Affected Software 1
Vulnrichment
added 2026/03/02 3:49 p.m., 2 views

CVE-2025-52476 Chamilo: Reflected XSS via keyword_active parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30...

CVSS 5.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 3
Cvelist
added 2026/03/02 3:49 p.m., 17 views

CVE-2025-52476 Chamilo: Reflected XSS via keyword_active parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30...

CVSS 5.1, EPSS 0.00187
Exploits 0, References 3
CVE
added 2026/03/02 3:49 p.m., 8 views

CVE-2025-52476

CVE-2025-52476 affects Chamilo LMS prior to version 1.11.30. The vulnerability is a reflected cross-site scripting (XSS) flaw caused by improper sanitization of the keyword_active parameter in admin/user_list.php. The issue is mitigated by upgrading to version 1.11.30, which patches the vulnerabi...

CVSS 6.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 3, Affected Software 1
Positive Technologies
added 2026/03/02 12:0 a.m., 3 views

PT-2026-22619

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue has been patched in version 1.11.30...

CVSS 5.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 4
Positive Technologies
added 2026/03/02 12:0 a.m., 4 views

PT-2026-22618

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing attackers to inject malicious JavaScript through a crafted URL. Th...

CVSS 5.1, AI score 5.7, EPSS 0.00187
Exploits 0, References 4
CNNVD
added 2026/03/02 12:0 a.m., 3 views

Chamilo cross-site scripting vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the keyword_inactive parameter in the admin/user_list.php file, which could lead to...

CVSS 6.1, AI score 5.6, EPSS 0.00187
Exploits 0, References 3
CNNVD
added 2026/03/02 12:0 a.m., 3 views

Chamilo cross-site scripting vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the keyword_active parameter in the admin/user_list.php file, which could lead to reflective...

CVSS 6.1, AI score 5.6, EPSS 0.00187
Exploits 0, References 3
OSV
added 2026/03/01 1:22 a.m., 2 views

GHSA-XFX2-PRG5-JQ3G INSATutorat has an authorization bypass vulnerability in its /api/admin/* endpoints

Impact: An authorization bypass vulnerability was discovered in the administration pages of the tutoring application. When a standard user, logged in but without administrator privileges, attempts to access a resource under /api/admin/, the system detects the error but does not block the request. As...

CVSS 8.7, AI score 6
Exploits 0, References 3
Positive Technologies
added 2026/03/01 12:0 a.m., 12 views

PT-2026-41180

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.6. Description: A flaw in the chat completion API allows users to bypass tool restrictions, potentially leading to unauthorized actions or access. In the '/api/chat/completions' endpoint, the tool ids and tool...

CVSS 7.5, AI score 5.8, EPSS 0.0026
Exploits 1, References 10
Positive Technologies
added 2026/02/26 12:0 a.m., 6 views

PT-2026-22122

The installer of FinalCode Client provided by Digital Arts Inc. contains an incorrect default permissions vulnerability. A non-administrative user may execute arbitrary code with SYSTEM privilege...

CVSS 8.5, AI score 8, EPSS 0.0012
Exploits 0, References 3
OSV
added 2026/02/24 8:16 a.m., 5 views

CVE-2025-40538

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...

CVSS 7.2, AI score 6.1, EPSS 0.00496
Exploits 0, References 2
Cvelist
added 2026/02/24 7:40 a.m., 18 views

CVE-2025-40538 SolarWinds Serv-U Broken Access Control Remote Code Execution Vulnerability

A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On...

CVSS 9.1, EPSS 0.00496
Exploits 0, References 2