A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2023-3544

Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.

Expand Up

@@ -195,13 +195,15 @@

  

if (isset($\_POST\['Submit'\]) && $\_POST\['Submit'\]) {

// changing the name

$name = Database::escape\_string($\_POST\['txt\_name'\]);

$name = html\_filter($\_POST\['txt\_name'\]);

$postId = (int) $\_POST\['edit\_id'\];

$sql = "UPDATE $tbl\_admin\_languages SET original\_name='$name'

WHERE id='$postId'";

$result = Database::query($sql);

Database::update(

$tbl\_admin\_languages,

\['original\_name' => $name\],

\['id = ?' => $postId\]

);

// changing the Platform language

if ($\_POST\['platformlanguage'\] && $\_POST\['platformlanguage'\] != '') {

if (isset($\_POST\['platformlanguage'\]) && $\_POST\['platformlanguage'\] != '') {

api\_set\_setting('platformLanguage', $\_POST\['platformlanguage'\], null, null, $\_configuration\['access\_url'\]);

}

} elseif (isset($\_POST\['action'\])) {

Expand Down

CVE-2023-37061: Admin: filter HTML when updating language · chamilo/chamilo-lms@75e9b3e

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.

CVE-2023-37067: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.

CVE-2023-37065: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.

CVE-2023-37064: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

CVE-2023-37066: Security issues - Chamilo LMS

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.

CVE-2023-37063: Security issues - Chamilo LMS

A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.

**G3W-SUITE**

G3W-SUITE is the easiest way to publish QGIS projects on WebGIS services.

G3W-SUITE is a framework built with Django and VueJs,.

**Pinned**

1.  Server module for G3W-SUITE
    
    JavaScript 30 30
    
2.  Run G3W-SUITE stack with docker-compose
    
    HTML 17 25
    
3.  Map viewer addon for G3W-SUITE
    
    JavaScript 14 12
    
4.  Edit and translate G3W-SUITE end-user documentation
    
    Python 1 3
    

**Repositories**

*   Python 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    
*   Vue 0 MPL-2.0 0
    
    0 0
    
    Updated Jul 7, 2023
    

*   JavaScript
    
    30
    
    MPL-2.0
    
    30 32 6
    
    Updated Jul 6, 2023
    
*   JavaScript 0
    
    3 3 2
    
    Updated Jul 4, 2023
    
*   HTML
    
    17 25 16 5
    
    Updated Jun 22, 2023
    
*   Vue 0
    
    2 1 0
    
    Updated Jun 22, 2023
    
*   0 MPL-2.0 0
    
    3 0
    
    Updated Jun 13, 2023
    
*   JavaScript 0
    
    1 0 0
    
    Updated Jun 8, 2023

CVE-2023-29998: G3W-SUITE

A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12<script>alert(1)</script>o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability.

CVE-2023-3541

A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability.

Tag

#xss