4 matches found
Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover
Exploit Title: Chamilo LMS 1.11.14 - Account Takeover Date: July 21 2021 Exploit Author: sirpedrotavares Vendor Homepage: https://chamilo.org Software Link: https://chamilo.org Version: Chamilo-lms-1.11.x Tested on: Chamilo-lms-1.11.x CVE: CVE-2021-37391 Publication:...
Chamilo LMS 1.11.14 - Account Takeover Vulnerability
Exploit Title: Chamilo LMS 1.11.14 - Account Takeover Exploit Author: sirpedrotavares Vendor Homepage: https://chamilo.org Software Link: https://chamilo.org Version: Chamilo-lms-1.11.x Tested on: Chamilo-lms-1.11.x CVE: CVE-2021-37391 Publication:...
CVE-2021-37391
creationtimestamp| type| source ---|---|--- 2021-08-11 00:37:27+00:00| seen| https://t.me/cibsecurity/27090...
CVE-2021-37391
Summary: CVE-2021-37391 affects Chamilo LMS 1.11.14, with a stored XSS in the social/invite flow. A user without privileges can send an invitation via main/social/search.php and main/inc/lib/social.lib.php, enabling an attacker to steal cookies or execute arbitrary code on the administration side...