Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2008-0851

Published: 21/02/2008 Updated: 15/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Dokeos

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote malicious users to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.

Vulnerable Product Search on Vulmon Subscribe to Product

dokeos e-learning system 1.8.4

Exploits

Exploit DB: Dokeos 1.8.4 - '/main/calendar/myagenda.php?courseCode' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue Attackers can exploit these issues to execute arbitrary script code in the context of the webser ...
Exploit DB: Dokeos 1.8.4 - '/main/admin/session_list.php?cmessage' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue Attackers can exploit these issues to execute arbitrary script code in the context of the we ...
Exploit DB: Dokeos 1.8.4 - '/main/admin/course_category.php?category' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue Attackers can exploit these issues to execute arbitrary script code in the context of the webs ...

References

CWE-79http://projects.dokeos.com/index.php?do=details&task_id=2218http://secunia.com/advisories/28974http://www.securityfocus.com/bid/27792http://www.securitytracker.com/id?1019425http://securityreason.com/securityalert/3687http://www.vupen.com/english/advisories/2008/0587http://www.securityfocus.com/archive/1/488314/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/31196/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook