Cross-Site Scripting Vulnerability in Chamilo LMS by Chamilo Foundation
CVE-2023-37065

4.8 MEDIUM

Key Information:

Vendor: Chamilo

Status
Vendor
CVE Published: 7 July 2023

What is CVE-2023-37065?

A cross-site scripting (XSS) vulnerability has been identified in Chamilo LMS versions 1.11.x up to 1.11.20. This flaw allows administrators to inject malicious scripts through the session category management section. If exploited, an attacker with admin privileges could potentially manipulate the platform, affecting user sessions and leading to various security issues. Users are advised to apply the latest security updates and follow best practices for secure admin account management.

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
