Vulnerability CVE-2021-43687
Published: 2021-12-01

Description:
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Chamilo -> Chamilo 

 References:
https://github.com/chamilo/chamilo-lms/tree/v1.11.14
http://chamilo-lms.com
https://github.com/chamilo/chamilo-lms/blob/v1.11.14/plugin/jcapture/applet.php
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-92-2021-11-12-Low-impact-Low-risk-XSS-Vulnerability-in-jCapture-plugin-CVE-2021-43687
Copyright 2024, cxsecurity.com

 

Back to Top