Chamilo Lms Security Vulnerabilities and Issues — Chamilo Lms CVE List

Lucene search

ChamiloChamilo Lms

11 matches found

CVE•added 2023/06/08 7:15 p.m.•140 views

CVE-2023-34959

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the social and links tools.

5.3CVSS5.7AI score0.00256EPSS

CVE•added 2021/08/10 8:15 p.m.•61 views

CVE-2021-37391

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social netw...

5.4CVSS6AI score0.00556EPSS

CVE•added 2024/11/04 7:15 p.m.•49 views

CVE-2024-30617

A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 "/main/social/home.php," allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge.

5.4CVSS6.7AI score0.00039EPSS

CVE•added 2024/11/15 7:15 p.m.•45 views

CVE-2024-51142

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.

5.4CVSS7.3AI score0.00079EPSS

CVE•added 2023/05/09 4:15 p.m.•41 views

CVE-2023-31800

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.

5.4CVSS6AI score0.00464EPSS

CVE•added 2023/05/09 4:15 p.m.•40 views

CVE-2023-31806

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.

5.4CVSS6AI score0.00464EPSS

CVE•added 2018/12/21 6:29 a.m.•37 views

CVE-2018-20327

Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of th...

5.4CVSS5.1AI score0.00191EPSS

CVE•added 2023/05/09 4:15 p.m.•36 views

CVE-2023-31807

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.

5.4CVSS6AI score0.00464EPSS

CVE•added 2023/05/09 4:15 p.m.•35 views

CVE-2023-31804

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.

5.4CVSS6AI score0.00464EPSS

CVE•added 2018/12/21 6:29 a.m.•32 views

CVE-2018-20328

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.

5.4CVSS5.1AI score0.00247EPSS

CVE•added 2023/05/09 4:15 p.m.•32 views

CVE-2023-31802

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.

5.4CVSS6.1AI score0.00464EPSS