Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
References
Link | Resource |
---|---|
https://github.com/chamilo/chamilo-lms/commit/dfae49f5dc392c00cd43badcb3043db3a646ff0c | Patch Third Party Advisory |
https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities | Exploit Third Party Advisory |
Configurations
Information
Published : 2021-08-10 13:15
Updated : 2021-08-17 08:34
NVD link : CVE-2021-37389
Mitre link : CVE-2021-37389
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
chamilo
- chamilo