15 matches found
CVE-2025-52564
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
EUVD-2025-208179
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-2025-52564 Chamilo: HTML injection via open parameter
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
CVE-2025-52564
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
PT-2026-22621
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30...
EUVD-1999-0986
Malware in sbrugna...
EUVD-1999-0987
Malware in sbrugna...
EUVD-2005-3022
Malware in sbrugna...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to 1 the default URI or 2 includes/javascript.php, or the 3 title or 4 body parameter to admin/help.php...
Cross site scripting
Cross-site scripting XSS vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter...
CVE-2006-2850
Cross-site scripting XSS vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter...
CVE-2005-3024
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 announcement parameter to announcement.php, the 2 threadforumid or 3 criteria parameters to thread.php, 4 userid parameter to user.php, the 5...
CVE-1999-1005
Vulnerability (CVE-1999-1005) GroupWise Web Interface GWWEB.EXE permits remote file read via a directory-traversal style attack on the HELP parameter, enabling reading local files with .htm extensions. The OpenVAS entry corroborates that by modifying the GroupWise Web Interface HELP URL request, ...
CVE-1999-1006
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter...
CVE-1999-1006
Groupwise web server GWWEB.EXE allows remote attackers to determine the real path of the web server via the HELP parameter...