Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37066)

Description

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.

Remediation

References

Related Vulnerabilities

Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-13934)

Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4612)

MyBB CVE-2015-2786 Vulnerability (CVE-2015-2786)

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)

PHP Out-of-bounds Write Vulnerability (CVE-2019-6977)

Severity

Medium

Classification

CVE-2023-37066 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities