Description
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.
Remediation
References
Related Vulnerabilities
PHP Address Book Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-2778)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46731)
MySQL CVE-2012-0115 Vulnerability (CVE-2012-0115)
WordPress Plugin WooCommerce Multiple Vulnerabilities (2.3.5)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-3455)