Vulnerabilities > Chamilo

DATE CVE VULNERABILITY TITLE RISK
2023-05-09 CVE-2023-31799 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter.
network
low complexity
chamilo CWE-79
4.8
4.8
2023-05-09 CVE-2023-31800 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
network
low complexity
chamilo CWE-79
5.4
5.4
2023-05-09 CVE-2023-31801 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
network
low complexity
chamilo CWE-79
6.1
6.1
2023-05-09 CVE-2023-31802 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
network
low complexity
chamilo CWE-79
5.4
5.4
2023-05-09 CVE-2023-31803 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.
network
low complexity
chamilo CWE-79
4.8
4.8
2023-05-09 CVE-2023-31804 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.
network
low complexity
chamilo CWE-79
5.4
5.4
2023-05-09 CVE-2023-31805 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.
network
low complexity
chamilo CWE-79
4.8
4.8
2023-05-09 CVE-2023-31806 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.
network
low complexity
chamilo CWE-79
5.4
5.4
2023-05-09 CVE-2023-31807 Cross-site Scripting vulnerability in Chamilo LMS 1.11.18
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.
network
low complexity
chamilo CWE-79
5.4
5.4
2022-10-17 CVE-2022-42029 Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo 1.11.16
Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory.
network
low complexity
chamilo CWE-434
8.8
8.8