First published: Fri Dec 21 2018
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chamilo Chamilo Lms | =1.11.8 | |
CVE-2018-20328 is a vulnerability found in Chamilo LMS version 1.11.8 that allows authenticated users to affect other users through an XSS exploit in the social groups tool.
The severity of CVE-2018-20328 is medium with a CVSSv3 score of 5.4.
The affected software of CVE-2018-20328 is Chamilo LMS version 1.11.8.
Authenticated users can exploit CVE-2018-20328 through an XSS vulnerability in the social groups tool.
To fix CVE-2018-20328, update Chamilo LMS to a version that addresses the XSS vulnerability.