Lucene search
K

183 matches found

OSV
OSV
added 2024/11/20 9:15 p.m.3 views

CVE-2024-48530

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS5.8AI score0.0056EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/20 12:0 a.m.8 views

CVE-2024-48530

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...

6.9AI score0.0056EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.5 views

PT-2024-33131 · Unknown · Esoft Planner

Name of the Vulnerable Software and Affected Versions: eSoft Planner version 3.24.08271-USA Description: An issue in the Instructor Appointment Availability module allows attackers to cause a Denial of Service DoS via a crafted POST request. Recommendations: For version 3.24.08271-USA, consider...

7.5CVSS7AI score0.0056EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/11/20 12:0 a.m.23 views

CVE-2024-48530

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.0056EPSS
Exploits1References1
NVD
NVD
added 2024/10/25 8:15 a.m.24 views

CVE-2024-47158

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...

7.4CVSS0.00219EPSS
Exploits0References1
OSV
OSV
added 2024/10/25 8:15 a.m.3 views

CVE-2024-47158

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...

5.4CVSS5.9AI score0.00219EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 5:48 a.m.2 views

N-LINE vulnerable to HTML injection

Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...

7.4CVSS6.8AI score0.00219EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/08/09 12:0 a.m.11 views

WordPress Tutor LMS Plugin <= 2.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c09ff6728ca9 Credits justakazh Required privilege Instructor...

6.5CVSS6.6AI score0.00279EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/25 2:34 p.m.10 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.7AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 2024/07/25 2:34 p.m.10 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.5 views

PT-2024-5257 · Amazon · Aws S3

Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...

5.3CVSS7AI score0.00331EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/07/22 6:36 a.m.6 views

WordPress MasterStudy LMS plugin < 3.3.24 - Privilege Escalation to Instructor vulnerability

Privilege Escalation to Instructor vulnerability discovered by Jaime F. Murillo in WordPress Plugin MasterStudy LMS versions 3.3.24...

9.1CVSS7AI score0.00493EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/07/22 6:15 a.m.38 views

CVE-2024-5973

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

9.1CVSS0.00493EPSS
Exploits1References1
OSV
OSV
added 2024/07/22 6:15 a.m.4 views

CVE-2024-5973

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

8.8CVSS5.8AI score0.00493EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.7 views

PT-2024-37284 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin versions prior to 3.3.24 Description: The issue allows students to create instructor accounts, potentially granting them access to unauthorized functionalities. Recommendations: For versions prior to 3.3.2...

9.1CVSS7.2AI score0.00493EPSS
Exploits1References6
Patchstack
Patchstack
added 2024/07/11 12:0 a.m.13 views

WordPress Academy LMS Plugin <= 2.0.4 is vulnerable to Broken Access Control

Software Academy LMS Type Plugin Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38701 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1381c0d8b2d7 Credits filime Required privilege Academy...

8.8CVSS6.6AI score0.00372EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/06/07 12:33 p.m.49 views

CVE-2024-5438

CVE-2024-5438: Tutor LMS – eLearning and online course solution for WordPress affects all versions up to 2.7.1. The issue is an Insecure Direct Object Reference in the quiz attempts deletion path via the attempt_delete function, due to missing validation on a user-controlled key. This allows auth...

4.3CVSS4.8AI score0.00343EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/07 12:33 p.m.12 views

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS6.7AI score0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/06/07 12:33 p.m.26 views

CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...

4.3CVSS0.00343EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/06/07 12:0 a.m.11 views

Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS6.6AI score0.00343EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder