
CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.

References:
• https://emaragkos.gr/gunet-open-eclass-authenticated-path-traversal
• https://github.com/gunet/openeclass
• https://hg.gunet.gr/openeclass/diff/cbfc90094d51/modules/mindmap/index.php
• https://www.openeclass.org/en

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtering of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

References:
• http://www.securityfocus.com/bid/97310
• https://github.com/gunet/openeclass/issues/11

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')