9840 matches found
Command Injection
Overview idno/known is an A social publishing platform Affected versions of this package are vulnerable to Command Injection through the importImagesFromBodyHTML process and unsanitized template parameter handling. An attacker can execute arbitrary operating system commands as the web server user...
GHSA-HW26-MMPG-FQFG lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes
Summary The hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters, allowing external CSS loading or XSS in older browsers. Details The root cause is located in clean.py around...
lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes
Summary The hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters, allowing external CSS loading or XSS in older browsers. Details The root cause is located in clean.py around...
CVE-2025-52468
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...
CVE-2025-50198
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
CVE-2025-50193
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST tomaindatabase parameter. This issue has been patched in version 1.11.30...
CVE-2025-52468 Chamilo: Stored XSS Vulnerability via CSV User Import
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...
CVE-2025-52468
Chamilo LMS contains a stored XSS vulnerability (CVE-2025-52468) in CSV user imports prior to v1.11.30, due to insufficient sanitization in Last Name, First Name, and Username fields. The stored payload is triggered when a user profile is viewed in the context of the authenticated user. Patch rel...
CVE-2025-52468 Chamilo: Stored XSS Vulnerability via CSV User Import
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...
CVE-2025-52468 Chamilo: Stored XSS Vulnerability via CSV User Import
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...
CVE-2025-52468
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...
CVE-2025-50198
CVE-2025-50198 affects Chamilo before version 1.11.30. The vulnerability is a deserialization of untrusted data in /plugin/vchamilo/views/import.php triggered via POST parameters (configuration_file, course_path, home_path). The issue is addressed in Chamilo 1.11.30. According to the provided met...
EUVD-2025-208171
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
CVE-2025-50198 Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
CVE-2025-50198
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurationfile; POST coursepath; POST homepath parameters. This issue has been patched in version 1.11.30...
CVE-2025-50193 Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST tomaindatabase parameter. This issue has been patched in version 1.11.30...
CVE-2025-50193
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST tomaindatabase parameter. This issue has been patched in version 1.11.30...
EUVD-2025-208155
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...
CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...
CVE-2025-50186
Chamilo LMS prior to version 1.11.30 is affected by a stored XSS vulnerability in CSV filenames. The issue arises from insufficient sanitization of uploaded CSV names, allowing an attacker to upload a file such as .csv that can execute JavaScript when viewed by administrators or users with access...