Chamilo Lms Security Vulnerabilities and Issues — Chamilo Lms CVE List

Lucene search

ChamiloChamilo Lms

10 matches found

CVE•added 2020/01/04 7:15 a.m.•168 views

CVE-2015-9540

Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.

6.1CVSS6.2AI score0.00359EPSS

CVE•added 2023/06/08 7:15 p.m.•146 views

CVE-2023-34961

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.

6.1CVSS6.2AI score0.00435EPSS

CVE•added 2022/04/15 8:15 p.m.•54 views

CVE-2022-27422

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.

6.1CVSS6AI score0.00526EPSS

CVE•added 2013/12/05 6:55 p.m.•52 views

CVE-2013-6787

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.

6CVSS8AI score0.00382EPSS

CVE•added 2021/08/10 8:15 p.m.•50 views

CVE-2021-37390

A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature).

6.1CVSS6.2AI score0.00328EPSS

CVE•added 2024/11/04 7:15 p.m.•42 views

CVE-2024-30618

A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.

6.1CVSS6AI score0.00071EPSS

CVE•added 2019/02/04 9:29 p.m.•40 views

CVE-2019-1000015

Chamilo Chamilo-lms version 1.11.8 and earlier contains a Cross Site Scripting (XSS) vulnerability in main/messages/new_message.php, main/social/personal_data.php, main/inc/lib/TicketManager.php, main/ticket/ticket_details.php that can result in a message being sent to the Administrator with the XS...

6.1CVSS5.8AI score0.0024EPSS

CVE•added 2023/05/09 4:15 p.m.•38 views

CVE-2023-31801

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.

6.1CVSS6.6AI score0.00447EPSS

CVE•added 2019/02/04 9:29 p.m.•36 views

CVE-2019-1000017

Chamilo Chamilo-lms version 1.11.8 and earlier contains an Incorrect Access Control vulnerability in Tickets component that can result in an authenticated user can read all tickets available on the platform, due to lack of access controls. This attack appears to be exploitable via ticket_id=[ticket...

6.5CVSS6.4AI score0.00234EPSS

CVE•added 2021/11/03 5:15 p.m.•35 views

CVE-2020-23126

Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.

6.1CVSS6AI score0.00616EPSS