CVE-2021-37390

Name of the Vulnerable Software and Affected Versions Chamilo LMS version 1.11.14

Description A reflected XSS issue exists in the social network search feature, specifically in the "main/social/search.php" endpoint with the q URI parameter. This allows for potential exploitation.

Recommendations For Chamilo LMS version 1.11.14, consider disabling the social network search feature temporarily until a patch is available. Restrict access to the "main/social/search.php" endpoint to minimize the risk of exploitation. Avoid using the q parameter in the affected endpoint until the issue is resolved.