Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

CVE-2023-37066: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.

CVE-2023-37063: Security issues - Chamilo LMS

A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.

**G3W-SUITE**

G3W-SUITE is the easiest way to publish QGIS projects on WebGIS services.

G3W-SUITE is a framework built with Django and VueJs,.

**Pinned**

1.  Server module for G3W-SUITE
    
    JavaScript 30 30
    
2.  Run G3W-SUITE stack with docker-compose
    
    HTML 17 25
    
3.  Map viewer addon for G3W-SUITE
    
    JavaScript 14 12
    
4.  Edit and translate G3W-SUITE end-user documentation
    
    Python 1 3
    

**Repositories**

*   Python 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    
*   Vue 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    

*   JavaScript
    
    30
    
    MPL-2.0
    
    30 32 6
    
    Updated Jul 6, 2023
    
*   JavaScript 0
    
    3 3 2
    
    Updated Jul 4, 2023
    
*   HTML
    
    17 25 16 5
    
    Updated Jun 22, 2023
    
*   Vue 0
    
    2 1 0
    
    Updated Jun 22, 2023
    
*   0 MPL-2.0 0
    
    3 0
    
    Updated Jun 13, 2023
    
*   JavaScript 0
    
    1 0 0
    
    Updated Jun 8, 2023

CVE-2023-29998: G3W-SUITE

A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.

CVE-2023-3541

A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability.

CVE-2023-3542

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.

CVE-2023-25201: Security Advisories - usd HeroLab

A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292.

CVE-2023-3540

A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.

CVE-2023-3539

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.

Tag

#xss