Ali Oğuz

**Name of the Vulnerable Software and Affected Versions** Chamilo version 1.11.14 **Description** The issue allows for XSS via a "main/calendar/agenda list.php?type=" URI. This means an attacker could potentially inject malicious scripts into the webpage, affecting users who access the page. **Recommendations** For Chamilo version 1.11.14, as a temporary workaround, consider restricting access to the "main/calendar/agenda list.php" endpoint until a patch is available. Avoid using the `type` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.