Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Dokeos 多个跨站脚本漏洞
Vulnerability Description
Dokeos存在多个跨站脚本漏洞。远程攻击者可以通过 (1) inscription.php的username参数,(2) main/calendar/myagenda.php的courseCode参数,(3)main/admin/course_category.php的category 参数,(4)main/admin/session_list.php的show_message操作中的message参数 和 (5) main/auth/profile.php中的一个头像图片注入任意Web脚本和HTML。
CVSS Information
N/A
Vulnerability Type
N/A