Open Source Learning AND Knowledge Management Tool

DATE	CVE	VULNERABILITY TITLE	RISK
2008-03-10	CVE-2008-1223	Remote Code Execution and Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4 Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors. network low complexity dokeos	7.5
2008-03-10	CVE-2008-1222	Cross-Site Scripting vulnerability in Dokeos Open Source Learning and Knowledge Management Tool 1.8.4 Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network dokeos CWE-79	4.3
2007-12-28	CVE-2007-6574	Cross-Site Scripting vulnerability in Dokeos products Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php. network dokeos CWE-79	4.3
2007-05-30	CVE-2007-2889	SQL Injection vulnerability in Dokeos CourseLog.PHP SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter. network low complexity dokeos	7.5
2006-09-19	CVE-2006-4844	Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. network high complexity claroline dokeos CWE-94	5.1
2006-05-10	CVE-2006-2285	Remote File Include vulnerability in Claroline PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. network high complexity dokeos	5.1