Vulnerability Details CVE-2023-37062
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 24.8%
CVSS Severity
CVSS v3 Score 4.8
References
- https://github.com/chamilo/chamilo-lms/commit/c263933d1d958edee3999820f636c8cb919d03d1
- https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-115-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-course-category
- https://github.com/chamilo/chamilo-lms/commit/c263933d1d958edee3999820f636c8cb919d03d1
- https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-115-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-course-category
Products affected by CVE-2023-37062
-
cpe:2.3:a:chamilo:chamilo:1.11.0
-
cpe:2.3:a:chamilo:chamilo:1.11.10
-
cpe:2.3:a:chamilo:chamilo:1.11.12
-
cpe:2.3:a:chamilo:chamilo:1.11.14
-
cpe:2.3:a:chamilo:chamilo:1.11.16
-
cpe:2.3:a:chamilo:chamilo:1.11.18
-
cpe:2.3:a:chamilo:chamilo:1.11.2
-
cpe:2.3:a:chamilo:chamilo:1.11.20
-
cpe:2.3:a:chamilo:chamilo:1.11.4
-
cpe:2.3:a:chamilo:chamilo:1.11.6
-
cpe:2.3:a:chamilo:chamilo:1.11.8