Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Parameter in user-registration-form.php, the ulgm_user_last POST Parameter in user-registration-form.php, the ulgm_user_email POST Parameter in user-registration-form.php, the ulgm_code_registration POST Parameter in user-registration-form.php, the ulgm_terms_conditions POST Parameter in user-registration-form.php, the _ulgm_total_seats POST Parameter in frontend-uo_groups_buy_courses.php, the uncanny_group_signup_user_first POST Parameter in group-registration-form.php, the uncanny_group_signup_user_last POST Parameter in group-registration-form.php, the uncanny_group_signup_user_login POST Parameter in group-registration-form.php, the uncanny_group_signup_user_email POST Parameter in group-registration-form.php, the success-invited GET Parameter in frontend-uo_groups.php, the bulk-errors GET Parameter in frontend-uo_groups.php, or the message GET Parameter in frontend-uo_groups.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Uncanny Owl Groups for LearnDash 跨站脚本漏洞
Vulnerability Description
Uncanny Owl Groups for LearnDash是加拿大Uncanny Owl公司的一个为Wordpress中LearnDash提供售卖课程功能的插件。 Uncanny Groups for LearnDash v3.7之前版本存在跨站脚本漏洞,该漏洞允许经过身份验证的远程攻击者可利用该漏洞通过user-code-redemption中的ulgm code redeem POST参数注入任意JavaScript或HTML在用户注册表单中,存在于以下路径中:ulgm_code_redeem
CVSS Information
N/A
Vulnerability Type
N/A