Vulnerabilities > Chamilo > Chamilo LMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-21 | CVE-2018-20328 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.8 Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. | 5.4 |
| 2018-12-21 | CVE-2018-20327 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.8 Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. | 5.4 |
| 2018-07-23 | CVE-2018-1999019 | Code Injection vulnerability in Chamilo LMS Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. | 9.8 |