Cross-Site Scripting Vulnerability in Chamilo 1.11.x by Chamilo
CVE-2023-37066

4.8MEDIUM

Key Information:

Vendor: Chamilo
Status: Chamilo
Vendor: CVE Published:; 7 July 2023

What is CVE-2023-37066?

Chamilo version 1.11.x up to 1.11.20 contains a vulnerability that enables users with administrative privileges to insert malicious scripts into the skills wheel feature. This weakness allows for cross-site scripting (XSS) attacks, potentially leading to unauthorized actions within the application, user data exposure, and a compromised user experience. Administrators are advised to apply security patches and ensure that only trusted users have admin access to mitigate the risks associated with this vulnerability.

References

https://github.com/chamilo/chamilo-lms/commit/4f7b5ebf90c...

https://support.chamilo.org/projects/1/wiki/Security_issu...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 7, 2023
Vulnerability Reserved
Jun 28, 2023

JSON