CVE-2025-10388 Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting

A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched...

PT-2025-37398

Name of the Vulnerable Software and Affected Versions: Selleo Mentingo version 2025.08.27 Description: A cross-site scripting issue exists due to manipulation of the Description argument in the processing of the /api/course/enroll-course endpoint within the Create New Course Basic Settings...

MasterStudy LMS < 3.0.18 - Unauthenticated Instructor Account Creation

Description The plugin does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. 1. Visit the Profiles Settings page for the plugin: MS LMS LMS Settings Profiles 2. Ensure that "Disable Instructor...

PT-2008-4824 · Blackboard · Blackboard Academic Suite

Name of the Vulnerable Software and Affected Versions: Blackboard Academic Suite version 8.0.260.7 Description: The issue affects the authentication of student users, allowing remote attackers to hijack it for requests that change configuration and enrollments. This is achieved through unspecifie...