Wiz
Vulnerability DatabaseCVE-2023-31799

CVE-2023-31799
Chamilo vulnerability analysis and mitigation

Overview

A Cross Site Scripting (XSS) vulnerability was discovered in Chamilo LMS version 1.11.18. The vulnerability was identified and disclosed on April 11, 2023, affecting the system announcements parameter in the Chamilo Learning Management System (Vendor Advisory).

Technical details

The vulnerability has been assigned CVE-2023-31799 and received a CVSS v3.1 Base Score of 4.8 (MEDIUM) with the vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires high privileges and user interaction to exploit, with potential for limited confidentiality and integrity impacts (NVD).

Impact

If successfully exploited, this vulnerability allows a local attacker with high privileges to execute arbitrary code through the system announcements parameter. The impact is considered low to medium, affecting both confidentiality and integrity of the system, though there is no impact on availability (NVD).

Mitigation and workarounds

Users should upgrade to a version newer than Chamilo LMS v.1.11.18 to address this vulnerability. The issue has been documented in the vendor's security advisory and appropriate fixes have been implemented (Vendor Advisory).

Additional resources

SourceThis report was generated using AI

Related Chamilo vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2024-30616HIGH8.8
  • ChamiloChamilo
  • cpe:2.3:a:chamilo:chamilo_lms
NoNoNov 04, 2024
CVE-2024-30619HIGH7.5
  • ChamiloChamilo
  • cpe:2.3:a:chamilo:chamilo_lms
NoNoNov 04, 2024
CVE-2024-30618MEDIUM6.1
  • ChamiloChamilo
  • cpe:2.3:a:chamilo:chamilo_lms
NoNoNov 04, 2024
CVE-2024-51142MEDIUM5.4
  • ChamiloChamilo
  • cpe:2.3:a:chamilo:chamilo_lms
NoNoNov 15, 2024
CVE-2024-30617MEDIUM5.4
  • ChamiloChamilo
  • cpe:2.3:a:chamilo:chamilo_lms
NoNoNov 04, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo