Cross-Site Scripting Vulnerability in Chamilo LMS by Chamilo Foundation
CVE-2023-37067

4.8MEDIUM

Key Information:

Vendor

Chamilo

Status
Chamilo
Vendor
CVE Published:
7 July 2023

What is CVE-2023-37067?

Chamilo LMS versions 1.11.x up to 1.11.20 are susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows users with administrative privileges to inject malicious scripts into the management section for user groups. If exploited, this vulnerability could lead to unauthorized actions and impact user data integrity and confidentiality. Users and administrators should apply recommended patches and updates to safeguard their systems against this and similar vulnerabilities.

References

https://github.com/chamilo/chamilo-lms/commit/c75ff227bcf...
https://support.chamilo.org/projects/1/wiki/Security_issu...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2023-37067 : Cross-Site Scripting Vulnerability in Chamilo LMS by Chamilo Foundation