NotCVE - vendor:"Chamilo" product:"Chamilo Lms"

Page 3 of 50 results (0.004 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31800

https://notcve.org/view.php?id=CVE-2023-31800

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31801

https://notcve.org/view.php?id=CVE-2023-31801

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31802

https://notcve.org/view.php?id=CVE-2023-31802

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31803

https://notcve.org/view.php?id=CVE-2023-31803

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31804

https://notcve.org/view.php?id=CVE-2023-31804

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31805

https://notcve.org/view.php?id=CVE-2023-31805

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31806

https://notcve.org/view.php?id=CVE-2023-31806

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-31807

https://notcve.org/view.php?id=CVE-2023-31807

09 May 2023 — Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. • http://chamilo.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27426

https://notcve.org/view.php?id=CVE-2022-27426

15 Apr 2022 — A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file. Una vulnerabilidad de tipo Server-Side Request Forgery (SSRF) en Chamilo LMS versión v1.11.13, permite a atacantes enumerar la red interna y ejecutar comandos arbitrarios del sistema por medio de un archivo Phar diseñado • https://support.chamilo.org/projects/1/wiki/Security_issues • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-27423

https://notcve.org/view.php?id=CVE-2022-27423

15 Apr 2022 — Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php. Se ha detectado que Chamilo LMS versión v1.11.13, contiene una vulnerabilidad de inyección SQL por medio del parámetro blog_id en el archivo /blog/blog.php • https://support.chamilo.org/projects/1/wiki/Security_issues • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

1 2 3 4 5