
CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jul 2023 — Chamilo 1.11.x up to 1.11.20 allows users with an admin-privileged account to insert XSS in the extra fields management section. • https://github.com/chamilo/chamilo-lms/commit/91ecc6141de6de9483c5a31fbb9fa91450f24940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jul 2023 — Chamilo 1.11.x up to 1.11.20 allows users with an admin-privileged account to insert XSS in the session category management section. • https://github.com/chamilo/chamilo-lms/commit/da61f287d2e508a5e940953b474051d0f21e91c0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Oct 2022 — Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to 'big file uploads' to copy/move files from anywhere in the file system into the web directory. • https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-95-2022-09-14-High-impact-Moderate-risk-Authenticated-Local-file-inclusion • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Apr 2022 — Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php. • https://support.chamilo.org/projects/1/wiki/Security_issues • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.5 • EPSS: 1% • CPEs: 1 • EXPL: 1

13 May 2021 — admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. • https://github.com/andrejspuler/writeups/blob/main/chamilo-lms/README.md#authenticated-rcelfi-in-user-import-via-xml-external-entity---cve-2021-32925 • CWE-611: Improper Restriction of XML External Entity Reference