CVE-2024-51142

MEDIUM

Chamilo LMS 1.11.26 - Stored Cross-Site Scripting via storageapi.php svkey Parameter

Title source: llm
STIX 2.1

Description

Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an attacker to execute arbitrary code via the svkey parameter of the storageapi.php file.

Scores

CVSS v3 5.4
EPSS 0.0034
EPSS Percentile 25.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
chamilo/chamilo_lms 1.11.26
Published Nov 15, 2024
Tracked Since Feb 18, 2026