CVE-2023-34961

MEDIUM

Chamilo LMS 1.11.0-1.11.18 - Cross-Site Scripting via Feedback Comment Field

Title source: llm

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field.

Core 2

Core References

Patch

Vendor Advisory

CVSS v3 6.1

EPSS 0.0040

EPSS Percentile 31.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

CWE

CWE-79

Status published

Products (1)

chamilo/chamilo_lms 1.11.0 - 1.11.18

Published Jun 08, 2023

Tracked Since Feb 18, 2026