757 matches found
CVE-2024-11321
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Hi e-learning Learning Management System LMS allows Reflected XSS. This issue affects Learning Management System LMS: before 06.12.2024...
CVE-2024-11321
CVE-2024-11321 describes a reflected XSS in Hi e-learning’s Learning Management System (LMS) caused by improper input neutralization during web page generation. Affected: LMS versions prior to 06.12.2024. CVSSv3.1 base score 5.4 (Medium) with Network attack vector, Low impact on confidentiality a...
CVE-2024-11444
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevorendermoduleui function. This makes it possible for unauthenticated attackers to...
CVE-2024-11444 CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevorendermoduleui function. This makes it possible for unauthenticated attackers to...
CVE-2024-11444
CVE-2024-11444 : CLUEVO LMS (WordPress plugin)
WordPress plugin CLUEVO LMS, E-Learning Platform 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Hi e-learning Learning Management System 跨站脚本漏洞
Hi e-learning Learning Management System Hi e-learning LMS is an online learning solution from Hi e-learning, Inc. A cross-site scripting vulnerability exists in versions of Hi e-learning Learning Management System prior to 06.12.2024, which stems from improper input neutralization during web pag...
Moodle Authorization Issues Vulnerability (CNVD-2024-46247)
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from the need to perform additional checks to ensure that ...
Moodle Access Control Error Vulnerability
Moodle is Moodle open source set of free e-learning software platform, also known as course management system, learning management system or virtual learning environment. Moodle suffers from an Access Control Error vulnerability that stems from insufficient access control over the inclusion of an...
CVE-2024-50831
A SQL Injection was found in /admin/adminuser.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...
CVE-2024-50830
A SQL Injection vulnerability was found in /admin/calendarofevents.php in kashipara E-learning Management System Project 1.0 via the datestart, dateend, and title parameters...
CVE-2024-50831
A SQL Injection was found in /admin/adminuser.php in kashipara E-learning Management System Project 1.0 via the username and password parameters...
CVE-2024-50826
A SQL Injection vulnerability was found in /admin/addcontent.php in kashipara E-learning Management System Project 1.0 via the title and content parameters...
CVE-2024-50829
A SQL Injection vulnerability was found in /admin/editsubject.php in kashipara E-learning Management System Project 1.0 via the unit parameter...
CVE-2024-50826
A SQL Injection vulnerability was found in /admin/addcontent.php in kashipara E-learning Management System Project 1.0 via the title and content parameters...
CVE-2024-50824
A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the classname parameter...
CVE-2024-50825
A SQL Injection vulnerability was found in /admin/schoolyear.php in kashipara E-learning Management System Project 1.0 via the schoolyear parameter...
CVE-2024-50827
A SQL Injection vulnerability was found in /admin/addsubject.php in kashipara E-learning Management System Project 1.0 via the subjectcode parameter...
CVE-2024-50828
A SQL Injection vulnerability was found in /admin/editdepartment.php in kashipara E-learning Management System Project 1.0 via the d parameter...
CVE-2024-50829
A SQL Injection vulnerability was found in /admin/editsubject.php in kashipara E-learning Management System Project 1.0 via the unit parameter...