CVE-2019-1000015

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XS...

CVE-2019-1000017

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket...