Kibokolabs

Namaste! Lms

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-53809

  • EPSS 0.3%
  • Veröffentlicht 06.12.2024 14:15:23
  • Zuletzt bearbeitet 06.12.2024 14:15:23

Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1.

6.1

CVE-2024-50407

  • EPSS 0.3%
  • Veröffentlicht 29.10.2024 11:15:05
  • Zuletzt bearbeitet 07.11.2024 20:28:22

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Reflected XSS.This issue affects Namaste! LMS: from n/a through 2.6.2.

5.4

CVE-2024-50409

  • EPSS 0.16%
  • Veröffentlicht 29.10.2024 11:15:05
  • Zuletzt bearbeitet 07.11.2024 20:28:43

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.2.

5.4

CVE-2024-50410

  • EPSS 0.16%
  • Veröffentlicht 29.10.2024 11:15:05
  • Zuletzt bearbeitet 07.11.2024 20:29:13

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kiboko Labs Namaste! LMS allows Stored XSS.This issue affects Namaste! LMS: from n/a through 2.6.4.

6.1

CVE-2023-4602

Exploit
  • EPSS 0.87%
  • Veröffentlicht 15.11.2023 13:15:07
  • Zuletzt bearbeitet 21.11.2024 08:35:31

The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unau...

4.8

CVE-2023-24383

  • EPSS 0.11%
  • Veröffentlicht 06.04.2023 11:15:06
  • Zuletzt bearbeitet 21.11.2024 07:47:45

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.

4.8

CVE-2023-0844

Exploit
  • EPSS 0.13%
  • Veröffentlicht 13.03.2023 17:15:12
  • Zuletzt bearbeitet 27.02.2025 16:15:35

The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

4.8

CVE-2023-0548

Exploit
  • EPSS 0.29%
  • Veröffentlicht 27.02.2023 16:15:12
  • Zuletzt bearbeitet 10.03.2025 18:15:26

The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...