Description
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.
Remediation
References
Related Vulnerabilities
PHP Out-of-bounds Read Vulnerability (CVE-2019-11046)
MongoDb Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-20924)
WordPress Plugin Site Reviews Cross-Site Scripting (2.15.2)
WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Cross-Site Scripting (1.5.75)