26 matches found
EUVD-2023-44640
Malicious code in bioql PyPI...
EUVD-2021-29309
Malicious code in bioql PyPI...
EUVD-2024-49095
Malicious code in bioql PyPI...
CVE-2025-5214
A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/coursedetailusernew.php. The manipulation of the argument ID leads to sql injection. The attack may be launched...
CVE-2024-43775 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter...
CVE-2024-43774 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in download personal learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the uid parameter...
CVE-2024-7871 Huachu Easytest Online Learning Test Platform - SQL Injection
SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter...
CVE-2024-8328
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks...
CVE-2024-8328
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks...
CVE-2024-8327
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-8327
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-8328
CVE-2024-8328 affects the Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY. The vulnerability is a failure to properly validate a specific page parameter, enabling remote attackers with regular privileges to inject arbitrary JavaScript and perform a reflected cross-...
CVE-2024-8328 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - Reflected XSS
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks...
CVE-2024-8327 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - SQL injection
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2024-8327 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - SQL injection
Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents...
HWA JIUH DIGITAL Easy test Online Learning and Testing Platform 跨站脚本漏洞
HWA JIUH DIGITAL Easy test Online Learning and Testing Platform is an Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL. A cross-site scripting vulnerability exists in HWA JIUH DIGITAL Easy test Online Learning and Testing Platform versions prior to 24A01, which stems from...
CVE-2023-40021
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
Creativeitem Academy-LMS Cross-Site Scripting Vulnerability
Creativeitem Academy-LMS, an online learning platform from Creativeitem, Inc. A cross-site scripting vulnerability exists in Creativeitem Academy-LMS v4.3, which stems from a lack of data validation filtering of user-supplied data and output in the SEO panel. An attacker could exploit this...
CVE-2021-42335
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...