Vulnerabilities > Chamilo > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-21 | CVE-2023-39061 | Cross-Site Request Forgery (CSRF) vulnerability in Chamilo Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. | 3.5 |
| 2021-12-03 | CVE-2021-35415 | Cross-site Scripting vulnerability in Chamilo LMS A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. | 3.5 |
| 2018-12-21 | CVE-2018-20327 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.8 Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. | 3.5 |
| 2018-12-21 | CVE-2018-20328 | Cross-site Scripting vulnerability in Chamilo LMS 1.11.8 Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. | 3.5 |