cve/CVE-2021-37391.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.

POC

Reference

https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Enes4xd/Enes4xd
https://github.com/cr0ss2018/cr0ss2018
https://github.com/ezelnur6327/Enes4xd
https://github.com/ezelnur6327/ezelnur6327

1.0 KiB Raw Blame History

CVE-2021-37391

Description

POC

Reference

Github

1.0 KiB

Raw Blame History