Dokeos Security Vulnerabilities

cve

CVE-2009-2005

Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown...

7.4 AI Score

0.003 EPSS

2022-10-03 04:24 PM
19

CVE-2012-5776

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2020-01-29 03:15 PM
22

CVE-2014-1877

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message...

5.9 AI Score

0.003 EPSS

2014-03-13 02:55 PM
16

CVE-2013-6341

SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to...

8.4 AI Score

0.002 EPSS

2013-12-05 06:55 PM
23

CVE-2009-2007

Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) in the lang parameter to main/exercice/hotspot_lang_conversion.php and (2) read arbitrary files via a.....

7.1 AI Score

0.015 EPSS

2009-06-08 07:30 PM
19

CVE-2009-2009

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to...

6 AI Score

0.003 EPSS

2009-06-08 07:30 PM
17

CVE-2009-2004

Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than...

8.6 AI Score

0.006 EPSS

2009-06-08 07:30 PM
24

CVE-2009-2006

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item...

5.8 AI Score

0.003 EPSS

2009-06-08 07:30 PM
23

CVE-2009-2008

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than...

8.6 AI Score

0.003 EPSS

2009-06-08 07:30 PM
27

CVE-2008-3363

Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the include...

7 AI Score

0.057 EPSS

2008-07-30 04:41 PM
26

CVE-2008-1223

Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified...

7.5 AI Score

0.001 EPSS

2008-03-10 05:44 PM
19

CVE-2008-1222

Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.7 AI Score

0.003 EPSS

2008-03-10 05:44 PM
27

CVE-2008-0850

Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4).....

8.5 AI Score

0.005 EPSS

2008-02-21 12:44 AM
24

CVE-2008-0851

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4)....

5.8 AI Score

0.005 EPSS

2008-02-21 12:44 AM
22

CVE-2007-6574

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3)...

5.8 AI Score

0.004 EPSS

2007-12-28 09:46 PM
19

CVE-2007-6479

Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a...

7 AI Score

0.003 EPSS

2007-12-20 08:46 PM
20

CVE-2007-2902

SQL injection vulnerability in main/auth/my_progress.php in Dokeos 1.8.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the course...

7.8 AI Score

0.006 EPSS

2007-05-30 10:30 AM
22

CVE-2007-2901

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified...

5.8 AI Score

0.007 EPSS

2007-05-30 10:30 AM
20

CVE-2007-2889

SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen...

8.4 AI Score

0.002 EPSS

2007-05-30 01:30 AM
17

CVE-2006-4844

PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser]...

7.5 AI Score

0.074 EPSS

2006-09-19 01:07 AM
37

CVE-2006-3924

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified...

6 AI Score

0.003 EPSS

2006-07-28 11:04 PM
17

CVE-2006-2286

Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3)...

7.7 AI Score

0.021 EPSS

2006-05-10 02:14 AM
31

CVE-2006-2285

PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath...

7.5 AI Score

0.088 EPSS

2006-05-10 02:14 AM
29

CVE-2006-2284

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in...

7.5 AI Score

0.016 EPSS

2006-05-10 02:14 AM
35

CVE-2005-2598

Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to...

7.5 AI Score

0.004 EPSS

2005-08-17 04:00 AM
21