Cross-Site Scripting Vulnerability in Chamilo Learning Management System
CVE-2023-37062

4.8MEDIUM

Key Information:

Vendor

Chamilo

Status
Chamilo
Vendor
CVE Published:
7 July 2023

What is CVE-2023-37062?

A vulnerability exists in Chamilo Learning Management System versions 1.11.x up to 1.11.20 that allows users with admin privileges to insert malicious scripts into course categories' definitions. This could lead to potential exploitation where an attacker leverages the XSS flaw to execute arbitrary scripts in the context of a victim's browser session, posing a significant risk to user data and system integrity.

References

https://github.com/chamilo/chamilo-lms/commit/c263933d1d9...
https://support.chamilo.org/projects/1/wiki/Security_issu...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.