Vulnerabilities > Chamilo > Chamilo LMS > 1.11.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-10 | CVE-2021-37390 | Cross-site Scripting vulnerability in Chamilo LMS A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). | 4.3 |
2021-05-06 | CVE-2020-23127 | Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.10 Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user. | 6.8 |
2021-05-06 | CVE-2020-23128 | Improper Privilege Management vulnerability in Chamilo LMS 1.11.10 Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to administrator privilege. | 4.0 |