WEB APPLICATION VULNERABILITIES Standard & Premium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37389)

Description

Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin Slideshow Gallery LITE Multiple Unspecified Vulnerabilities (1.5.3.3)

WordPress Plugin Chat Room Directory Traversal (0.1.2)

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20102)

Moodle Resource Management Errors Vulnerability (CVE-2015-2268)

MySQL CVE-2022-21253 Vulnerability (CVE-2022-21253)

Severity

Medium

Classification

CVE-2021-37389 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities