CVE-2023-37067

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Jul 7, 2023

Updated: Jul 13, 2023

CWE ID 79

Summary

CVE-2023-37067 is a vulnerability affecting Chamilo 1.11.x versions up to 1.11.20. This issue grants users with admin privileges the ability to inject Cross-Site Scripting (XSS) attacks in the classes/usergroups management section, potentially leading to unauthorized access or data theft. Successful exploitation requires administrative access, making it a significant concern for organizations using this learning management system. The vulnerability can be mitigated by updating to a patched version of Chamilo.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Chamilo

Affected Vendors

Chamilo

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rz8Y_r
https://www.cve.org/CVERecord?id=CVE-2023-37067
https://nvd.nist.gov/vuln/detail/CVE-2023-37067

Back to Vulnerability Database