Vulnerabilities > Chamilo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-09 | CVE-2023-31799 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. | 4.8 |
2023-05-09 | CVE-2023-31800 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. | 5.4 |
2023-05-09 | CVE-2023-31801 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | 6.1 |
2023-05-09 | CVE-2023-31802 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | 5.4 |
2023-05-09 | CVE-2023-31803 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | 4.8 |
2023-05-09 | CVE-2023-31804 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | 5.4 |
2023-05-09 | CVE-2023-31805 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | 4.8 |
2023-05-09 | CVE-2023-31806 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | 5.4 |
2023-05-09 | CVE-2023-31807 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | 5.4 |
2022-10-17 | CVE-2022-42029 | Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo 1.11.16 Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. | 8.8 |