Vulnerabilities > Chamilo > Chamilo LMS > 1.11.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-09 | CVE-2023-31801 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | 6.1 |
| 2023-05-09 | CVE-2023-31802 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | 5.4 |
| 2023-05-09 | CVE-2023-31803 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | 4.8 |
| 2023-05-09 | CVE-2023-31804 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | 5.4 |
| 2023-05-09 | CVE-2023-31805 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | 4.8 |
| 2023-05-09 | CVE-2023-31806 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | 5.4 |
| 2023-05-09 | CVE-2023-31807 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.18 Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | 5.4 |
| 2022-04-15 | CVE-2022-27421 | Improper Input Validation vulnerability in Chamilo LMS 1.11.14/1.11.16/1.11.18 Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin. | 7.2 |