CVE-2012-4029: 
Chamilo vulnerability analysis and mitigation

CVE-2012-4029 is a Cross-site scripting (XSS) vulnerability discovered in Chamilo LMS versions before 1.8.8.6. The vulnerability specifically affects the main/dropbox/index.php file, where remote attackers can inject arbitrary web script or HTML through the category_name parameter in an addsentcategory action (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. Under CVSS v2.0, it received a base score of 4.3 (MEDIUM) with vector (AV:N/AC:M/Au:N/C:N/I:P/A:N). The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The vulnerability allows remote attackers to inject arbitrary web script or HTML into the application through the category_name parameter when using the addsentcategory action. This could potentially lead to unauthorized script execution in the context of other users' browsers (NVD).

The vulnerability has been patched in Chamilo LMS version 1.8.8.6. Users are advised to upgrade to this version or later to mitigate the risk. A patch is available for those unable to upgrade immediately (Chamilo Patch).