Cross Site Scripting Vulnerability in Chamilo LMS by Chamilo
CVE-2024-27525

Currently unrated

Key Information:

Vendor: Chamilo
Status: Chamilo LMS
Vendor: CVE Published:; 1 November 2024

What is CVE-2024-27525?

A cross site scripting vulnerability exists in Chamilo LMS version 1.11.26, which allows a remote attacker to inject malicious scripts through the filename parameter of the home.php component, enabling privilege escalation. This can lead to various forms of attack, threatening user data and system integrity.

References

https://www.less-secure.com/2024/10/chamilo-lms-cve-2024-...

https://github.com/chamilo/chamilo-lms/commit/a63e03ef961...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2024
Vulnerability Reserved
Feb 26, 2024