CVE-2021-37389

2021-08-1020:15:08

Google

osv.dev

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

JSON

Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.

CPENameOperatorVersion
chamilo-lmseqCHAMILO_1_8_8_BETA_1
chamilo-lmseqCHAMILO_1_8_7_ALPHA_1
chamilo-lmseqCHAMILO_1_9_0_ALPHA_6
chamilo-lmseq1.11.10
chamilo-lmseqCHAMILO_1_8_7_RC2
chamilo-lmseq1.9.8
chamilo-lmseqCHAMILO_1_9_2_STABLE
chamilo-lmseqCHAMILO_1_8_7_ALPHA_2
chamilo-lmseqCHAMILO_1_8_7_RC_1
chamilo-lmseq1.10.6-stable

Name	Operator	Version
chamilo-lms	eq	CHAMILO_1_8_8_BETA_1
chamilo-lms	eq	CHAMILO_1_8_7_ALPHA_1
chamilo-lms	eq	CHAMILO_1_9_0_ALPHA_6
chamilo-lms	eq	1.11.10
chamilo-lms	eq	CHAMILO_1_8_7_RC2
chamilo-lms	eq	1.9.8
chamilo-lms	eq	CHAMILO_1_9_2_STABLE
chamilo-lms	eq	CHAMILO_1_8_7_ALPHA_2
chamilo-lms	eq	CHAMILO_1_8_7_RC_1
chamilo-lms	eq	1.10.6-stable