307 matches found
CVE-2024-4743
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlmsfavorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-4743
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlmsfavorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2024-4743 LifterLMS – WordPress LMS Plugin for eLearning <= 7.6.2 - Authenticated (Contributor+) SQL Injection via Shortcode
The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to SQL Injection via the orderBy attribute of the lifterlmsfavorites shortcode in all versions up to, and including, 7.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient...
elearning.poliupg.ac.id Cross Site Scripting vulnerability OBB-3928136
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
elearning.uika-bogor.ac.id Cross Site Scripting vulnerability OBB-3928133
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Tutor LMS – eLearning and online course solution < 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutorcoursedelete' function due to missing validation on a user controlled key. Thi...
Tutor LMS < 2.7.0 - Missing Authorization to Unauthenticated Limited Options Update
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hidenotices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers ...
Tutor LMS – eLearning and online course solution < 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user suppli...
Masteriyo - LMS < 1.7.3 - Unauthenticated Privilege Escalation
Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated...
CVE-2024-3321
A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation of the argument Subject Code/Description leads to cross site scripting. It is possible to initiate the attack remotel...
CVE-2024-3321
A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation of the argument Subject Code/Description leads to cross site scripting. It is possible to initiate the attack remotel...
CVE-2024-3321 SourceCodester eLearning System Maintenance Module cross site scripting
A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation of the argument Subject Code/Description leads to cross site scripting. It is possible to initiate the attack remotel...
CVE-2024-3321 SourceCodester eLearning System Maintenance Module cross site scripting
A vulnerability classified as problematic has been found in SourceCodester eLearning System 1.0. This affects an unknown part of the component Maintenance Module. The manipulation of the argument Subject Code/Description leads to cross site scripting. It is possible to initiate the attack remotel...
CVE-2024-3320
A vulnerability was found in SourceCodester eLearning System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability ...
CVE-2024-3320
A vulnerability was found in SourceCodester eLearning System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability ...
CVE-2024-3320
Affected software: SourceCodester eLearning System 1.0. The issue is a Cross‑Site Scripting vulnerability caused by manipulation of the page parameter, enabling XSS. The attack surface is remote and the vulnerability is tied to an unspecified functionality in the application. Several sources conf...
CVE-2024-3320 SourceCodester eLearning System cross site scripting
A vulnerability was found in SourceCodester eLearning System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability ...
eLearning System 跨站脚本漏洞
eLearning System is an eLearning system from the personal developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester eLearning System version 1.0, which is caused by a cross-site scripting vulnerability in the Subject Code/Description parameter...
eLearning System 跨站脚本漏洞
eLearning System is an eLearning system from the personal developer Carlo Montero. A cross-site scripting vulnerability exists in SourceCodester eLearning System version 1.0, which is caused by a cross-site scripting vulnerability in the page parameter...
PT-2024-25148 · Sourcecodester · Sourcecodester Elearning System
Name of the Vulnerable Software and Affected Versions: SourceCodester eLearning System version 1.0 Description: A vulnerability has been found in the Maintenance Module of the SourceCodester eLearning System. The manipulation of the Subject Code/Description argument leads to cross-site scripting...