Reflected XSS Vulnerability in Chamilo LMS by Chamilo Foundation
CVE-2022-27422

6.1MEDIUM

Key Information:

Vendor: Chamilo
Status: Chamilo Lms
Vendor: CVE Published:; 15 April 2022

What is CVE-2022-27422?

A reflected cross-site scripting (XSS) vulnerability exists in Chamilo LMS v1.11.13, enabling attackers to execute arbitrary web scripts or HTML. This can occur through user interaction with a specially crafted URL, potentially leading to unauthorized actions or data exposure.

References

https://support.chamilo.org/projects/1/wiki/Security_issues

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2022
Vulnerability Reserved
Mar 21, 2022