First published: Fri Jul 07 2023
Chamilo 1.11.x up to 1.11.20 allows users with an admin-privileged account to insert XSS in the course categories' definition.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
Chamilo Chamilo | >=1.11.0 <=1.11.20 | Update to Chamilo 1.11.21 or later
CVE-2023-37062 is a vulnerability in Chamilo 1.11.x up to 1.11.20 that allows users with admin-privileged accounts to insert XSS in the course categories' definition.
The severity of CVE-2023-37062 is medium, with a CVSS score of 4.8.
Users with admin-privileged accounts can exploit CVE-2023-37062 by inserting XSS code in the course categories' definition; the injected script is stored and rendered for other users who view the category.
To fix CVE-2023-37062, update Chamilo to version 1.11.21 or later. Ensure that all admin-privileged accounts are trusted and avoid inserting untrusted input into the course categories' definition.
You can find more information about CVE-2023-37062 in the references provided: [link1](https://github.com/chamilo/chamilo-lms/commit/c263933d1d958edee3999820f636c8cb919d03d1) and [link2](https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-115-2023-06-06-Low-impact-Low-risk-XSS-through-admin-account-course-category).