A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3543

A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3544

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.

CVE-2023-37067: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.

CVE-2023-37065: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

CVE-2023-37066: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.

CVE-2023-37063: Security issues - Chamilo LMS

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.

With the **combinations** on fly module, you will **amazingly accelerate the product page loading**, it's an **unlimitated product combinations generator.**

The most detrimental to shop is the number of combinations for a product, the **generator** that can not accept the generation of all combinations if they are too numerous, the second point is even more penalizing on products pages loading, because PrestaShop load all existing combinations, which can, in some cases, lead to **unacceptable page display times for customers** and especially they will be penalized by **Google algorithms**, and lead to the fall of your pages rank in searchs.

The **combinations on the fly** module allows to generate only **simple combinations** (only 1 attribute), which **reduces their generation time** and no longer a problem even if you have a lot of attribute values.

On the product, **only the existing combinations are loaded on page display**, allowing to **minimize its duration**.

You will be able to **generate unlimited combinations** with the Prestashop generator.

When a customer changes an attribute, if the resulting combination does not exist, the module **create and load it**.

There is a system to remove the generated combinations in order not to overload the server, the combinations being obsolete after order, so your pages will be lighter than ever and your server will gain speed.

The installation of the module on the site of a customer made it possible to **divide the time of display by 3** and the weight of the page by 4.

Links to download the documentations of the module are available at the bottom of the page.

**Prestashop compatible version**

1.5 & 1.6

**Module version**

0.3.1

Demo url

CVE-2023-33664: Prestashop module combinations on fly

A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.

CVE-2023-3541

A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability.

Tag

#php