Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20328 - Vulnerability Database

Chamilo

Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20328

Medium

Reference: CVE-2018-20328

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-20328

Title: Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool allowing authenticated users to affect other users under specific conditions of permissions granted by administrators. This is considered quotlow riskquot due to the nature of the feature it exploits.