CVE-2021-26746

Name of the Vulnerable Software and Affected Versions Chamilo version 1.11.14

Description The issue allows for XSS via a "main/calendar/agenda list.php?type=" URI. This means an attacker could potentially inject malicious scripts into the webpage, affecting users who access the page.

Recommendations For Chamilo version 1.11.14, as a temporary workaround, consider restricting access to the "main/calendar/agenda list.php" endpoint until a patch is available. Avoid using the type parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.