Lucene search
K

73 matches found

CNNVD
CNNVD
added 2024/12/06 12:0 a.m.7 views

WordPress plugin CLUEVO LMS, E-Learning Platform 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS8.2AI score0.00215EPSS
Exploits0References3
CNVD
CNVD
added 2024/11/26 12:0 a.m.5 views

Moodle Authorization Issues Vulnerability (CNVD-2024-46247)

Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from the need to perform additional checks to ensure that ...

4.3CVSS7AI score0.00281EPSS
Exploits0References1
NVD
NVD
added 2024/06/13 11:15 p.m.21 views

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...

6CVSS0.00411EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/06/13 12:0 a.m.16 views

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...

6.2AI score0.00411EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/06/13 12:0 a.m.4 views

OpenEclass E-learning Platform Security Vulnerability

OpenEclass E-learning Platform is an integrated course management system from Open Eclass open source. A security vulnerability exists in OpenEclass E-learning Platform version 3.15 and earlier. An attacker exploited the vulnerability to execute arbitrary code via the title and description fields...

6CVSS7.7AI score0.00411EPSS
Exploits1References2
OSV
OSV
added 2024/06/13 12:0 a.m.8 views

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...

6CVSS6.2AI score0.00411EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/06/13 12:0 a.m.24 views

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...

0.00411EPSS
Exploits1References1
CVE
CVE
added 2024/06/13 12:0 a.m.60 views

CVE-2024-33253

OpenEclass OpenEclass E-learning Platform (GUnet)

6CVSS6.4AI score0.00411EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/05/31 12:0 a.m.7 views

Moodle Security Breach

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that stems from the failure to sanitize hypertext markup language in site logs...

4.3CVSS6.7AI score0.00353EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2024/04/12 12:0 a.m.367 views

GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload

Exploit Title: GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload Date: 2024-02-04 Exploit Author: Georgios Tsimpidas Vendor Homepage: https://www.openeclass.org/ Software Link: https://download.openeclass.org/files/3.15/ Version: 3.15 2024 Tested on: Debian Kali...

9.8CVSS6.7AI score0.03821EPSS
Exploits6
GithubExploit
GithubExploit
added 2024/04/11 1:48 p.m.465 views

Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass

CVE-2024-31777 | GUnet OpenEclass E-learning platform Unrestri...

9.8CVSS10AI score0.03821EPSS
Exploits6
Prion
Prion
added 2024/03/11 8:15 p.m.34 views

Design/Logic Flaw

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

4.6CVSS4.8AI score0.00431EPSS
Exploits0References3
CVE
CVE
added 2024/03/11 7:38 p.m.106 views

CVE-2024-28198

OpenOLAT contains an XXE/SSRF vulnerability in the draw.io integration that allows an attacker to read arbitrary files as the system user by manipulating HTTP requests. Affected versions are OpenOLAT prior to 18.1.6 and prior to 18.2.2. The issue is fixed in 18.1.6 and 18.2.2; users should upgrad...

7.5CVSS4.7AI score0.00431EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/03/11 7:38 p.m.26 views

CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version...

4.6CVSS5AI score0.00431EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.4 views

Moodle Security Breach

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...

6.1CVSS6.5AI score0.00506EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/10/18 12:0 a.m.5 views

Moodle Security Breach

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle. No information about this vulnerability is available at this time, please stay tuned to CNN...

5.3CVSS6.5AI score0.0056EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2023/10/12 12:0 a.m.11 views

CLUEVO LMS, E-Learning Platform < 1.11.0 - Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS6.4AI score0.00214EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/06 2:51 p.m.13 views

CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin = 1.10.0 versions...

4.3CVSS7.4AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/06 2:51 p.m.24 views

CVE-2023-40607 WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin = 1.10.0 versions...

4.3CVSS9AI score0.00214EPSS
Exploits0References1
CVE
CVE
added 2023/10/06 2:51 p.m.64 views

CVE-2023-40607

CVE-2023-40607 is a CSRF vulnerability in the WordPress plugin CLUEVO LMS, E-Learning Platform , affecting versions ≤ 1.10.0 . The issue could enable an unauthenticated attacker to trigger actions on behalf of a user; remediation is to upgrade to version 1.11.0 or newer . Public sources show vary...

8.8CVSS6.5AI score0.00214EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder