CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVE-2025-50186

Chamilo LMS prior to version 1.11.30 is affected by a stored XSS vulnerability in CSV filenames. The issue arises from insufficient sanitization of uploaded CSV names, allowing an attacker to upload a file such as .csv that can execute JavaScript when viewed by administrators or users with access...

CVE-2022-0892

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

EUVD-2022-15928

Malicious code in bioql PyPI...

Cross site scripting

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting...

CVE-2022-0892 Export All URLs < 4.2 - Reflected Cross-Site Scripting

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting...