Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37066)

Description

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

Remediation

References

Related Vulnerabilities

WordPress Plugin Import any XML or CSV File to WordPress Cross-Site Scripting (3.4.5)

Jenkins Improper Input Validation Vulnerability (CVE-2017-1000401)

WordPress Plugin Product Addons & Fields for WooCommerce Same Origin Method Execution (SOME) (14.0)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2014-3523)

OpenVPN AS Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2020-11462)

Severity

Medium

Classification

CVE-2023-37066 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities