Stored Cross-Site Scripting Vulnerability in Chamilo LMS by Chamilo Foundation
CVE-2024-30618

Currently unrated

Key Information:

Vendor: Chamilo Foundation
Status: Chamilo LMS
Vendor: CVE Published:; 4 November 2024

🔔 Create Chamilo Foundation Vulnerability Alert

What is CVE-2024-30618?

The Chamilo LMS version 1.11.26 contains a persistent cross-site scripting (XSS) vulnerability that permits remote attackers to inject malicious JavaScript into the system. By exploiting this flaw in the 'content' parameter of the 'group_topics.php' file, attackers can manipulate user sessions and perform unauthorized actions within the web application. This vulnerability poses serious risks to users' data integrity and privacy, as it may allow attackers to redirect users to malicious sites or capture sensitive information.

References

https://github.com/chamilo/chamilo-lms/commit/3b986821990...

https://github.com/bahadoumi/Vulnerability-Research/tree/...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2024
Vulnerability Reserved
Mar 27, 2024