First published: Wed Dec 01 2021(Updated: )
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Chamilo Chamilo | =1.11.14 | |
=1.11.14 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43687 is a Cross Site Scripting (XSS) vulnerability in chamilo-lms v1.11.14.
The severity of CVE-2021-43687 is medium with a CVSS score of 6.1.
CVE-2021-43687 affects chamilo-lms v1.11.14 by allowing an attacker to execute malicious scripts in the context of a user's browser.
To fix CVE-2021-43687, update to the latest version of chamilo-lms (v1.11.15 or higher) that includes a patch for this vulnerability.
You can find more information about CVE-2021-43687 on the Chamilo website and the GitHub repository for chamilo-lms v1.11.14.