CVE-2023-31806

2023-05-0916:15:15

Google

osv.dev

cve-2023-31806

cross site scripting

chamilo lms

my progress

arbitrary code execution

security vulnerability

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.

CPENameOperatorVersion
chamilo-lmseqCHAMILO_1_9_4_STABLE
chamilo-lmseqCHAMILO_1_9_2_STABLE_QUARTER
chamilo-lmseq1.8.6.1
chamilo-lmseqCHAMILO_1_9_6_RC_1
chamilo-lmseqCHAMILO_1_8_8_BETA_2
chamilo-lmseqCHAMILO_1_8_7_1_STABLE_2
chamilo-lmseqCHAMILO_1_9_0_ALPHA_3
chamilo-lmseqCHAMILO_1_9_0_STABLE
chamilo-lmseqCHAMILO_1_8_7_STABLE
chamilo-lmseqCHAMILO_1_10_DEV_ICPNA_20130114

Name	Operator	Version
chamilo-lms	eq	CHAMILO_1_9_4_STABLE
chamilo-lms	eq	CHAMILO_1_9_2_STABLE_QUARTER
chamilo-lms	eq	1.8.6.1
chamilo-lms	eq	CHAMILO_1_9_6_RC_1
chamilo-lms	eq	CHAMILO_1_8_8_BETA_2
chamilo-lms	eq	CHAMILO_1_8_7_1_STABLE_2
chamilo-lms	eq	CHAMILO_1_9_0_ALPHA_3
chamilo-lms	eq	CHAMILO_1_9_0_STABLE
chamilo-lms	eq	CHAMILO_1_8_7_STABLE
chamilo-lms	eq	CHAMILO_1_10_DEV_ICPNA_20130114