20 matches found
EUVD-2020-30158
Malware in sbrugna...
EUVD-2024-45464
Malicious code in bioql PyPI...
CVE-2020-9337
In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request...
CVE-2024-51658
Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager (wp-course-manager) allows Stored XSS. This issue affects WP Course Manager: from n/a through <= 1.3...
CVE-2024-51658
CVE-2024-51658 describes a Cross-Site Request Forgery (CSRF) that enables Stored XSS in the WordPress plugin WP Course Manager for versions up to 1.3. The vulnerability impact is described as stored XSS via CSRF, affecting the WP Course Manager plugin in the listed range. The provided documents d...
CVE-2024-51658 WordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager (wp-course-manager) allows Stored XSS. This issue affects WP Course Manager: from n/a through <= 1.3...
WordPress plugin WP Course Manager cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin WP Course Manager versions <= 1.3...
WordPress WP Course Manager Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Course Manager; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-51658; Patch priority: Low; CVSS severity: Low 7.1; PSID: fb5da93f1648; Credits: SOPROBRO; Required...
CVE-2020-14321
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course...
CVE-2020-14321
CVE-2020-14321 affects Moodle where, in versions before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, a teacher can assign themselves the course manager role, enabling privilege escalation. This can lead to broader access and, in chained exploits, remote code execution (RCE) via subsequent actions (e.g., lever...
Academy LMS 4.3 Cross Site Scripting
Exploit Title: Academy-LMS 4.3 - Stored XSS; Date: 19/12/2020; Vendor page: https://academy-lms.com/; Version: 4.3; Tested on Win10 and Google Chrome; Exploit Author: Vinicius Alves; XSS Payload: "STORED XSS Scripts tag blocked 1. Access LMS and log in to admin panel 2. Access courses page 3. Open course...
PT-2022-8563 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions prior to 3.9.1; Moodle versions prior to 3.8.4; Moodle versions prior to 3.7.7; Moodle versions prior to 3.5.13. Description: The issue allows teachers of a course to assign themselves the manager role within that course...
CVE-2020-9337
CVE-2020-9337 affects GolfBuddy Course Manager 1.1, where passwords are transmitted via a GET request using base64 encoding. This exposes confidential data because base64 is not encryption and GET parameters can be logged or exposed in browser history and server logs. NVD CVSS3.1 vector CVSS:3.1/...
CVE-2020-9337
In GolfBuddy Course Manager 1.1, passwords are sent with base64 encoding via a GET request. Recent assessments: horshark at March 09, 2020 8:13pm UTC reported: Recap: Nothing deep, passwords are sent using Base64. Requires: Ability to monitor networking traffic during user authentication. Loot...