A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Chamilo
  • Chamilo Lms

No data.

No data.

References
Link Providers
https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30618 cve-icon cve-icon
https://github.com/chamilo/chamilo-lms/commit/3b98682199049ebfb170ace16ada9a7c8e9a6622 cve-icon cve-icon
History

Tue, 05 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Chamilo
Chamilo chamilo Lms
Weaknesses CWE-79
CPEs cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*
Vendors & Products Chamilo
Chamilo chamilo Lms
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Description A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-04T00:00:00

Updated: 2024-11-05T17:35:55.997Z

Reserved: 2024-03-27T00:00:00

Link: CVE-2024-30618

cve-icon Vulnrichment

Updated: 2024-11-05T17:35:50.437Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-11-04T19:15:06.360

Modified: 2024-11-05T18:35:07.490

Link: CVE-2024-30618

cve-icon Redhat

No data.