Chamilo: Security Vulnerabilities
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.
CVSS Score
4.8
EPSS Score
0.003
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.
CVSS Score
4.8
EPSS Score
0.004
Published
2023-07-07
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVSS Score
9.8
EPSS Score
0.005
Published
2023-06-13
An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-06-08
Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-06-08