Cross Site Scripting in Chamilo Learning Management System
CVE-2024-51142

Currently unrated

Key Information:

Vendor: Chamilo
Status: Chamilo LMS
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-51142?

A Cross Site Scripting vulnerability has been identified in Chamilo Learning Management System version 1.11.26. This security flaw allows attackers to inject malicious scripts through the 'svkey' parameter in the 'storageapi.php' file. Successful exploitation can lead to unauthorized actions, potentially impacting user sessions and exposing sensitive information.

References

https://infosecwriteups.com/chamilo-lms-authentication-by...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024