Chamilo: >> Chamilo Lms >> 1.11.10 Security Vulnerabilities
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-11-03
A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).
CVSS Score
6.1
EPSS Score
0.003
Published
2021-08-10
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.
CVSS Score
5.4
EPSS Score
0.006
Published
2021-08-10
Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-05-06
Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege.
CVSS Score
4.9
EPSS Score
0.002
Published
2021-05-06
Page 3