header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Show More

DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities

DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site. URI based XSS vulnerabilities are also present.

7.5
CVSS
HIGH
Multiple Stored XSS Vulnerabilities
79
CWE
Product Name
DoceboLMS
Platforms Tested
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.14 (Win32), PHP 5.3.1, MySQL 5.1.41
Affected Version
From:
4.0.4 CE
To:
4.0.4 CE
2011

Recent Exploits:

RDPGuard 9.9.9 – Privilege Escalation

author
Ahmet Ümit BAYRAM
vendor
RDPGuard
severity
6.1
HIGH

YesWiki Unauthenticated Path Traversal

author
Al Baradi Joy
vendor
YesWiki
severity
7.1
HIGH

ABB Cylon Aspect 3.08.02 Stored Cross-Site Scripting Vulnerability

author
Gjoko 'LiquidWorm' Krstic
vendor
ABB Ltd.
severity
6.1
HIGH

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

author
Abdualhadi khalifa
vendor
Apache
severity
6.1
HIGH

GeoVision GV-ASManager 6.1.1.0 – CSRF

author
Giorgi Dograshvili [DRAGOWN]
vendor
GeoVision
severity
6.1
HIGH

ABB Cylon FLXeon 9.3.4 WebSocket Command Spawning Vulnerability

author
Zero Science Lab
vendor
ABB Ltd.
severity
6.1
HIGH

GestioIP 3.5.7 – Stored Cross-Site Scripting Vulnerability

author
m4xth0r (Maximiliano Belino)
vendor
GestioIP
severity
6.1
HIGH

Cacti 1.2.26 – Remote Code Execution (RCE) (Authenticated)

author
D3Ext
vendor
Cacti
severity
6.1
HIGH

Exclusive Addons for Elementor ≤ 2.6.9 – Authenticated Stored Cross-Site Scripting (XSS)

author
Al Baradi Joy
vendor
exclusiveaddons
severity
5.1
MEDIUM

Kentico Xperience 13.0.178 – Cross Site Scripting (XSS)

author
Alex Messham
vendor
Kentico
severity
6.1
HIGH

Navigation

Suggest Exploit

Services By CQR