2 matches found
CVE-2025-52563
Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting XSS vulnerability due to insufficient sanitization of the page parameter in the session/adduserstosession.php endpoint. This issue has been patched in version 1.11.30...
CVE-2022-1532
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...