This exploit demonstrates a persistent Cross-Site Scripting (XSS) vulnerability in Chamilo LMS 1.11.8 by injecting malicious JavaScript into the 'content' parameter of a meeting creation request. The payload is executed when the meeting is viewed in the calendar.
Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:Chamilo LMS 1.11.8
Auth required
Prerequisites:Authenticated session (valid ch_sid cookie) · Access to the calendar/agenda feature