1454 matches found
Chamilo LMS 1.11.14 Cross Site Scripting
Hello, We are informing you about a Cross-Site Scripting Vulnerability in Chamilo LMS 1.11.14. Information -------------------- Advisory by Netsparker Name: Cross-Site Scripting Vulnerability in Chamilo LMS Affected Software: Chamilo LMS Affected Versions: 1.11.14 Homepage: https://chamilo.org/en...
CVE-2012-4029
Cross-site scripting XSS vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the categoryname parameter in an addsentcategory action...
CVE-2012-4029
CVE-2012-4029 is a documented XSS vulnerability in Chamilo LMS before 1.8.8.6. The flaw occurs in main/dropbox/index.php via the category_name parameter in an addsentcategory action, allowing remote attackers to inject arbitrary web script or HTML. The issue is part of Chamilo 1.8.8.4/1.8.8.6 fam...
CVE-2012-4029
Cross-site scripting XSS vulnerability in main/dropbox/index.php in Chamilo LMS before 1.8.8.6 allows remote attackers to inject arbitrary web script or HTML via the categoryname parameter in an addsentcategory action...
CVE-2013-0739
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script...
CVE-2013-0738
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php...
Design/Logic Flaw
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php...
Input validation
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script...
CVE-2013-0739
Summary: CVE-2013-0739 affects Chamilo 1.9.4 and involves an XSS vulnerability in the chat.php script caused by improper validation of user-supplied input. Affected component: Chamilo 1.9.4, specifically the chat.php feature. Root cause: Improper validation of input in the chat functionality enab...
CVE-2013-0739
Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script...
CVE-2013-0738
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php...
CVE-2013-0738
Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities affecting the pages blog.php and announcements.php . The root cause is improper input handling, enabling injected HTML/JavaScript in user-visible content. Affected versions and exact exploit details are not provided beyond the CVE ...
CVE-2012-4030
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files...
Input validation
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files...
CVE-2012-4030
Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files...
CVE-2012-4030
CVE-2012-4030 affects Chamilo before 1.8.8.6, where the index.php input handling is insecure, allowing remote attackers to delete arbitrary files. The issue is described in the NVD entry as a vulnerability in Chamilo that could enable unauthorized file deletion via crafted input. Public reference...
CVE-2015-9540
Chamilo LMS through 1.9.10.2 allows a linkgoto.php?linkurl= open redirect, a related issue to CVE-2015-5503...
Open redirect
Chamilo LMS through 1.9.10.2 allows a linkgoto.php?linkurl= open redirect, a related issue to CVE-2015-5503...
CVE-2015-9540
Chamilo LMS through 1.9.10.2 allows a linkgoto.php?linkurl= open redirect, a related issue to CVE-2015-5503...
CVE-2015-9540
CVE-2015-9540 describes an open redirect in Chamilo LMS up to version 1.9.10.2 via the link_goto.php?link_url= parameter, related to CVE-2015-5503. Connected entries show the Drupal Chamilo integration module (7.x-1.x before 7.x-1.2) as a separate instance of the same issue. The vulnerability is ...