In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.

CVE-2023-36994: TravianZ Hacked

IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  213650.

CVE-2021-39014: IBM Cloud Object System cross-site scripting CVE-2021-39014 Vulnerability Report

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.

Expand Up

@@ -188,7 +188,7 @@ public static function addNode($code, $name, $canHaveCourses, $parent\_id)

$tree\_pos = $row\['maxTreePos'\] + 1;

  

$params = \[

'name' => $name,

'name' => html\_filter($name),

'code' => $code,

'parent\_id' => empty($parent\_id) ? null : $parent\_id,

'tree\_pos' => $tree\_pos,

Expand Down Expand Up

@@ -300,29 +300,34 @@ public static function editNode(

$tbl\_course = Database::get\_main\_table(TABLE\_MAIN\_COURSE);

$tbl\_category = Database::get\_main\_table(TABLE\_MAIN\_CATEGORY);

  

$code = trim(Database::escape\_string($code));

$name = trim(Database::escape\_string($name));

$old\_code = Database::escape\_string($old\_code);

$canHaveCourses = Database::escape\_string($canHaveCourses);

$code = CourseManager::generate\_course\_code($code);

$name = html\_filter($name);

  

$code = CourseManager::generate\_course\_code($code);

// Updating category

$sql = "UPDATE $tbl\_category SET

name='$name',

code='$code',

auth\_course\_child = '$canHaveCourses'

WHERE code = '$old\_code'";

Database::query($sql);

Database::update(

$tbl\_category,

\[

'name' => $name,

'code' => $code,

'auth\_course\_child' => $canHaveCourses,

\],

\['code = ?' => $old\_code\]

);

  

// Updating children

$sql = "UPDATE $tbl\_category SET parent\_id = '$code'

WHERE parent\_id = '$old\_code'";

Database::query($sql);

Database::update(

$tbl\_category,

\['parent\_id' => $code\],

\['parent\_id = ?' => $old\_code\]

);

  

// Updating course category

$sql = "UPDATE $tbl\_course SET category\_code = '$code'

WHERE category\_code = '$old\_code' ";

Database::query($sql);

Database::update(

$tbl\_course,

\['category\_code' => $code\],

\['category\_code = ?' => $old\_code\]

);

  

Database::update(

$tbl\_category,

Expand Down

CVE-2023-37062: Course: filter HTML when saving/updating category · chamilo/chamilo-lms@c263933

A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3543

A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3544

Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.

Expand Up

@@ -195,13 +195,15 @@

  

if (isset($\_POST\['Submit'\]) && $\_POST\['Submit'\]) {

// changing the name

$name = Database::escape\_string($\_POST\['txt\_name'\]);

$name = html\_filter($\_POST\['txt\_name'\]);

$postId = (int) $\_POST\['edit\_id'\];

$sql = "UPDATE $tbl\_admin\_languages SET original\_name='$name'

WHERE id='$postId'";

$result = Database::query($sql);

Database::update(

$tbl\_admin\_languages,

\['original\_name' => $name\],

\['id = ?' => $postId\]

);

// changing the Platform language

if ($\_POST\['platformlanguage'\] && $\_POST\['platformlanguage'\] != '') {

if (isset($\_POST\['platformlanguage'\]) && $\_POST\['platformlanguage'\] != '') {

api\_set\_setting('platformLanguage', $\_POST\['platformlanguage'\], null, null, $\_configuration\['access\_url'\]);

}

} elseif (isset($\_POST\['action'\])) {

Expand Down

CVE-2023-37061: Admin: filter HTML when updating language · chamilo/chamilo-lms@75e9b3e

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.

CVE-2023-37067: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.

CVE-2023-37065: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

Tag

#xss