CVE-2023-31802

2023-05-0916:15:14

Google

osv.dev

cve-2023-31802

vulnerability

chamilo lms

cross site scripting

arbitrary code

skype

linkedin url

local attacker

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

JSON

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

CPENameOperatorVersion
chamilo-lmseqCHAMILO_1_9_4_STABLE
chamilo-lmseqCHAMILO_1_9_2_STABLE_QUARTER
chamilo-lmseq1.8.6.1
chamilo-lmseqCHAMILO_1_9_6_RC_1
chamilo-lmseqCHAMILO_1_8_8_BETA_2
chamilo-lmseqCHAMILO_1_8_7_1_STABLE_2
chamilo-lmseqCHAMILO_1_9_0_ALPHA_3
chamilo-lmseqCHAMILO_1_9_0_STABLE
chamilo-lmseqCHAMILO_1_8_7_STABLE
chamilo-lmseqCHAMILO_1_10_DEV_ICPNA_20130114

Name	Operator	Version
chamilo-lms	eq	CHAMILO_1_9_4_STABLE
chamilo-lms	eq	CHAMILO_1_9_2_STABLE_QUARTER
chamilo-lms	eq	1.8.6.1
chamilo-lms	eq	CHAMILO_1_9_6_RC_1
chamilo-lms	eq	CHAMILO_1_8_8_BETA_2
chamilo-lms	eq	CHAMILO_1_8_7_1_STABLE_2
chamilo-lms	eq	CHAMILO_1_9_0_ALPHA_3
chamilo-lms	eq	CHAMILO_1_9_0_STABLE
chamilo-lms	eq	CHAMILO_1_8_7_STABLE
chamilo-lms	eq	CHAMILO_1_10_DEV_ICPNA_20130114