First published: Tue Aug 10 2021
Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chamilo Chamilo | =1.11.14 |
CVE-2021-37389 is a vulnerability in Chamilo 1.11.14 that allows stored cross-site scripting (XSS) attacks through the port parameter.
The severity of CVE-2021-37389 is medium with a CVSS score of 6.1.
CVE-2021-37389 occurs when an attacker is able to inject malicious scripts into the 'port' parameter in main/install/index.php and main/install/ajax.php in Chamilo 1.11.14.
To fix CVE-2021-37389, it is recommended to update Chamilo to a version that includes the fix, such as the commit mentioned in the references.
The CWE (Common Weakness Enumeration) of CVE-2021-37389 is CWE-79, which refers to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
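The CWE-79 weakness described above, shown for a numeric field such as `port`. This is an added example, not Chamilo's code or its actual fix, and the function names `normalizePort` and `renderPortField` are hypothetical. The value is checked against an allow-list before it is stored and is HTML-encoded again when it is written into a page.

```php
<?php
declare(strict_types=1);

// Added example, not Chamilo's code. Function names are hypothetical.

/** Allow-list check at input time: returns a port in 1..65535 or null. */
function normalizePort(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (port[]=...) and other types are rejected
    }
    $raw = (string) $raw;
    // Digits only, 1 to 5 characters: no signs, whitespace or markup.
    if (preg_match('/\A[0-9]{1,5}\z/', $raw) !== 1) {
        return null;
    }
    $port = (int) $raw;
    return ($port >= 1 && $port <= 65535) ? $port : null;
}

/**
 * Encode at output time. This also covers values that were stored
 * before any input validation existed.
 */
function renderPortField(string $stored): string
{
    return '<input type="text" name="port" value="'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">';
}

// Constructed sample inputs, not taken from any real request.
$samples = ['3306', '03306', '65536', '0', ' 3306', '3306"><b>x</b>', ['3306']];

foreach ($samples as $s) {
    $port  = normalizePort($s);
    $shown = is_string($s) ? renderPortField($s) : '(not a scalar)';
    printf(
        "%-22s %-9s %s\n",
        json_encode($s),
        $port === null ? 'rejected' : 'ok',
        $shown
    );
}
```

The markup sample is rejected by `normalizePort`, and `renderPortField` emits it with `"`, `<` and `>` as entities, so it stays inside the `value` attribute as text.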