Vulnerabilities > Kibokolabs > Namaste LMS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-28 | CVE-2024-50408 | Deserialization of Untrusted Data vulnerability in Kibokolabs Namaste! LMS Deserialization of Untrusted Data vulnerability in Kiboko Labs Namaste! LMS allows Object Injection.This issue affects Namaste! LMS: from n/a through 2.6.3. | 8.8 |
2023-11-15 | CVE-2023-4602 | Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. | 6.1 |
2023-04-06 | CVE-2023-24383 | Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS Auth. | 4.8 |
2023-03-13 | CVE-2023-0844 | Unspecified vulnerability in Kibokolabs Namaste! LMS The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2023-02-27 | CVE-2023-0548 | Cross-site Scripting vulnerability in Kibokolabs Namaste! LMS The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |