Dokeos : Security Vulnerabilities, CVEs, (XSS)

CVE-2012-5776

Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
Max CVSS
5.4
EPSS Score
0.05%
Published
2020-01-29
Updated
2020-01-31

CVE-2009-2009

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.
Max CVSS
4.3
EPSS Score
0.25%
Published
2009-06-08
Updated
2017-08-17

CVE-2009-2006

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability.
Max CVSS
2.6
EPSS Score
0.29%
Published
2009-06-08
Updated
2017-08-17

CVE-2008-1222

Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.25%
Published
2008-03-10
Updated
2017-08-08

CVE-2008-0851

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode parameter to main/calendar/myagenda.php, (3) category parameter to main/admin/course_category.php, (4) message parameter to main/admin/session_list.php in a show_message action, and (5) an avatar image to main/auth/profile.php.
Max CVSS
4.3
EPSS Score
0.49%
Published
2008-02-21
Updated
2018-10-15

CVE-2007-6574

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
Max CVSS
4.3
EPSS Score
0.36%
Published
2007-12-28
Updated
2018-10-15

CVE-2007-2901

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the img parameter to main/inc/lib/fckeditor/editor/plugins/ImageManager/editor.php and other unspecified vectors.
Max CVSS
4.3
EPSS Score
0.64%
Published
2007-05-30
Updated
2017-10-11

CVE-2006-3924

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.27%
Published
2006-07-28
Updated
2008-09-05
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close