CVE-2023-37061: Admin: filter HTML when updating language · chamilo/chamilo-lms@75e9b3e

Chamilo 1.11.x up to 1.11.20 allows users with an admin-privileged account to inject XSS (stored cross-site scripting) through the languages management section.

Category: CVE · Tags: #sql #xss


@@ -195,13 +195,15 @@

if (isset($_POST[‘Submit’]) && $_POST[‘Submit’]) {

// changing the name

$name = Database::escape_string($_POST[‘txt_name’]);

$name = html_filter($_POST[‘txt_name’]);

$postId = (int) $_POST[‘edit_id’];

$sql = "UPDATE $tbl_admin_languages SET original_name=’$name’

WHERE id=’$postId’";

$result = Database::query($sql);

Database::update(

$tbl_admin_languages,

[‘original_name’ => $name],

[‘id = ?’ => $postId]

);

// changing the Platform language

if ($_POST[‘platformlanguage’] && $_POST[‘platformlanguage’] != ‘’) {

if (isset($_POST[‘platformlanguage’]) && $_POST[‘platformlanguage’] != ‘’) {

api_set_setting('platformLanguage’, $_POST[‘platformlanguage’], null, null, $_configuration[‘access_url’]);

}

} elseif (isset($_POST[‘action’])) {
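Review bot: replacing `Database::escape_string($_POST['txt_name'])` with `html_filter($_POST['txt_name'])` drops the SQL-escaping step for `$name`, so the update's safety now rests entirely on `Database::update($tbl_admin_languages, ['original_name' => $name], ['id = ?' => $postId])` escaping the value array as well as binding the `?` in the condition; please confirm that `Database::update` escapes values, otherwise keep `escape_string` in addition to `html_filter`. The `isset($_POST['platformlanguage'])` guard only avoids an undefined-index notice: `api_set_setting('platformLanguage', $_POST['platformlanguage'], ...)` still stores the raw POST value, so validating it against the list of installed languages would be the defensive follow-up. A sentence in the commit description stating that the stored XSS is fixed by filtering on input (rather than escaping on output) would help reviewers see why `html_filter` was chosen.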
