183 matches found
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
PT-2024-33131 · Unknown · Esoft Planner
Name of the Vulnerable Software and Affected Versions: eSoft Planner version 3.24.08271-USA Description: An issue in the Instructor Appointment Availability module allows attackers to cause a Denial of Service DoS via a crafted POST request. Recommendations: For version 3.24.08271-USA, consider...
CVE-2024-48530
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...
CVE-2024-47158
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...
CVE-2024-47158
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...
N-LINE vulnerable to HTML injection
Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...
WordPress Tutor LMS Plugin <= 2.7.3 is vulnerable to Cross Site Scripting (XSS)
Software Tutor LMS Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c09ff6728ca9 Credits justakazh Required privilege Instructor...
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default
The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...
PT-2024-5257 · Amazon · Aws S3
Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...
WordPress MasterStudy LMS plugin < 3.3.24 - Privilege Escalation to Instructor vulnerability
Privilege Escalation to Instructor vulnerability discovered by Jaime F. Murillo in WordPress Plugin MasterStudy LMS versions 3.3.24...
CVE-2024-5973
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...
CVE-2024-5973
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...
PT-2024-37284 · WordPress · Masterstudy Lms Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin versions prior to 3.3.24 Description: The issue allows students to create instructor accounts, potentially granting them access to unauthorized functionalities. Recommendations: For versions prior to 3.3.2...
WordPress Academy LMS Plugin <= 2.0.4 is vulnerable to Broken Access Control
Software Academy LMS Type Plugin Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-38701 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1381c0d8b2d7 Credits filime Required privilege Academy...
CVE-2024-5438
CVE-2024-5438: Tutor LMS – eLearning and online course solution for WordPress affects all versions up to 2.7.1. The issue is an Insecure Direct Object Reference in the quiz attempts deletion path via the attempt_delete function, due to missing validation on a user-controlled key. This allows auth...
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
CVE-2024-5438 Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for authenticated...
Tutor LMS – eLearning and online course solution < 2.7.2 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attemptdelete' function due to missing validation on a user controlled key. This makes it possible for...