Vulnerabilities > Dokeos > Low

DATE CVE VULNERABILITY TITLE RISK
2020-01-29 CVE-2012-5776 Cross-site Scripting vulnerability in Dokeos 2.1.1
Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.
network
dokeos CWE-79
3.5
3.5
2009-06-08 CVE-2009-2006 Cross-Site Scripting vulnerability in Dokeos 1.8.5
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php.
network
high complexity
dokeos CWE-79
2.6
2.6