9 matches found
CVE-2025-10388
A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...
CVE-2025-10388
A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...
CVE-2025-10388 Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting
A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...
CVE-2025-10388 Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting
A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...
CVE-2025-10388
The CVE-2025-10388 vulnerability concerns Selleo Mentingo version 2025.08.27. Affected component: Create New Course Basic Settings, specifically the /api/course/enroll-course endpoint. Root cause: manipulation of the Description argument leading to cross-site scripting (XSS). The issue can be exp...
Selleo Mentingo 代码注入漏洞
Selleo Mentingo is an in-house training and employee development platform from Selleo Poland. A code injection vulnerability exists in Selleo Mentingo version 2025.08.27, which stems from an incorrect manipulation of the parameter Description in the file /api/course/enroll-course, which could lea...
PT-2025-37398
Name of the Vulnerable Software and Affected Versions: Selleo Mentingo version 2025.08.27 Description: A cross-site scripting issue exists due to manipulation of the Description argument in the processing of the /api/course/enroll-course endpoint within the Create New Course Basic Settings...
MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation
Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...
PT-2008-4824 · Blackboard · Blackboard Academic Suite
Name of the Vulnerable Software and Affected Versions: Blackboard Academic Suite version 8.0.260.7 Description: The issue affects the authentication of student users, allowing remote attackers to hijack it for requests that change configuration and enrollments. This is achieved through unspecifie...