4 matches found
CVE-2013-3601
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
Design/Logic Flaw
Coursemill Learning Management System LMS 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions...
CVE-2013-3603
Cross-site scripting XSS vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...
CVE-2013-3605
CVE-2013-3605 concerns Cross-site request forgery (CSRF) in Coursemill Learning Management System (LMS) 6.6, enabling remote attackers to hijack the authentication of arbitrary users via cookies. The connected documents corroborate that the vulnerability involves cookie-related CSRF in the Course...