Cross-Site Scripting Vulnerability in Chamilo 1.11.x by Chamilo
CVE-2023-37066

4.8MEDIUM

Key Information:

Vendor

Chamilo

Status
Chamilo
Vendor
CVE Published:
7 July 2023

What is CVE-2023-37066?

Chamilo version 1.11.x up to 1.11.20 contains a vulnerability that enables users with administrative privileges to insert malicious scripts into the skills wheel feature. This weakness allows for cross-site scripting (XSS) attacks, potentially leading to unauthorized actions within the application, user data exposure, and a compromised user experience. Administrators are advised to apply security patches and ensure that only trusted users have admin access to mitigate the risks associated with this vulnerability.

References

https://github.com/chamilo/chamilo-lms/commit/4f7b5ebf90c...
https://support.chamilo.org/projects/1/wiki/Security_issu...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-37066 : Cross-Site Scripting Vulnerability in Chamilo 1.11.x by Chamilo