Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-43687 - Vulnerability Database

Chamilo

Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2021-43687

Medium

Reference: CVE-2021-43687

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-43687

Title: Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.