CVE-2018-20328
MEDIUMChamilo LMS 1.11.8 - Authenticated Cross-Site Scripting in Social Groups Tool
Title source: llmDescription
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues
Patch, Third Party Advisory x_refsource_misc
https://github.com/chamilo/chamilo-lms/commit/5e61c2b0fcc938ca687b8d4e593b1500aa52a034
Scores
CVSS v3
5.4
EPSS
0.0066
EPSS Percentile
46.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
chamilo/chamilo_lms
1.11.8
Published
Dec 21, 2018
Tracked Since
Feb 18, 2026