CVE-2021-37391

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*

Information

Published : 2021-08-10 13:15

Updated : 2021-08-19 10:05


NVD link : CVE-2021-37391

Mitre link : CVE-2021-37391


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

chamilo

  • chamilo_lms