PT-2020-7335 · Chamilo · Chamilo
Published
2020-01-30
·
Updated
2020-01-31
·
CVE-2013-0738
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Chamilo version 1.9.4
Description:
The issue concerns multiple XSS and HTML Injection vulnerabilities. These vulnerabilities are found in the
blog.php and announcements.php files.Recommendations:
For Chamilo version 1.9.4, consider disabling access to the
blog.php and announcements.php files until a fix is available. Avoid using user-inputted data in these files to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chamilo