CVE Vulnerability Database

In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although …

Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) modules.

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary …

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such …

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. …

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php. This issue …

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly sanitized, allowing …

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization of the …

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add …

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of …