CVE-2014-1877 |
|
Medium |
Mar 13, 2014 |
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.
|
2.1.1
|
CVE-2013-6341 |
|
High |
Dec 05, 2013 |
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
|
2.1.1, 2.0, 1.8.6.3, 1.8.6.2
|
CVE-2012-5776 |
|
Low |
Jan 29, 2020 |
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
|
2.1.1
|
BDSA-2016-0957 |
|
Medium |
Dec 05, 2017 |
A vulnerability in the community edition of Dokeos allows an attacker to bypass authentication and log in as an existing user. The vulnerability exists due to the use of the `unserialize()` function and a lack of user input validation in the file `local.inc.php`. If an attacker knows a user's username, it is possible to log in by passing a Boolean value of true to `$sso['secret']` instead of a password. After bypassing authentication, an attacker could perform actions with the permissions of the authenticated user.
|
|