Namaste! Lms

namaste!_lms

Vendor: Kibokolabs • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-50410 1Kibokolabs 1Namaste! Lms Apr 23, 2026 Oct 29, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Namaste! LMS namaste-lms allows Stored XSS.This issue affects Namaste! LMS: from n/a through <= 2.6.4.
CVE-2024-50409 1Kibokolabs 1Namaste! Lms Apr 23, 2026 Oct 29, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Namaste! LMS namaste-lms allows Stored XSS.This issue affects Namaste! LMS: from n/a through <= 2.6.2.
CVE-2024-50407 1Kibokolabs 1Namaste! Lms Apr 23, 2026 Oct 29, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Namaste! LMS namaste-lms allows Reflected XSS.This issue affects Namaste! LMS: from n/a through <= 2.6.2.
CVE-2024-50408 1Kibokolabs 1Namaste! Lms Apr 23, 2026 Oct 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Deserialization of Untrusted Data vulnerability in Bob Namaste! LMS namaste-lms allows Object Injection.This issue affects Namaste! LMS: from n/a through <= 2.6.3.
CVE-2023-4602 1Kibokolabs 1Namaste! Lms Apr 8, 2026 Nov 15, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. T...Show more The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'course_id' parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2023-24383 1Kibokolabs 1Namaste! Lms Nov 21, 2024 Apr 6, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.
CVE-2023-0844 1Kibokolabs 1Namaste! Lms Feb 27, 2025 Mar 13, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered...Show more The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2023-0548 1Kibokolabs 1Namaste! Lms Mar 10, 2025 Feb 27, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilt...Show more The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less