Chamilo LCMS Connect 4.1 Cross Site Scripting

Posted on 28 March 2015

Hi Team,

#Affected Vendor: http://lcms.chamilo.org/
#Date: 27/03/2015
#Discovered by: Joel Vadodil Varghese
#Type of vulnerability: Persistent XSS
#Tested on: Windows 7
#Product: LCMS Connect
#Version: 4.1

#Description: Chamilo is an open-source (under GNU/GPL licensing) e-learning and content management system, aimed at improving access to education and knowledge globally. Chamilo LCMS is a completely new software platform for e-learning and collaboration. Chamilo LCMS Connect is vulnerable to a stored XSS vulnerability. The parameter "site_name" is the vulnerable parameter which will lead to its compromise.

#Proof of Concept (PoC):
------------------------
site_name=<img src="" onerror="alert('XSS')"/>

--
Regards,
*Joel V*
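How the stored "site_name" value from the PoC is neutralised by encoding at output time, shown as an added example that is not from the advisory or from Chamilo's code base. The function names, the /logo.png path and the three rendering contexts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Chamilo code: all function names are hypothetical.
// A stored setting such as site_name is kept as entered and encoded for the
// context it is written into, every time it is rendered.

/** HTML text or quoted-attribute context, e.g. <h1>, alt="...". */
function esc_html(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Inline <script> context: a JS string literal that cannot close the tag. */
function esc_js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Before: the stored value is concatenated into markup unchanged. */
function render_header_unsafe(string $siteName): string
{
    return '<h1>' . $siteName . '</h1>';
}

/** After: the same value is encoded for each place it appears. */
function render_header_safe(string $siteName): string
{
    // /logo.png is a constructed path used only for this example.
    return '<h1>' . esc_html($siteName) . '</h1>'
        . '<img src="/logo.png" alt="' . esc_html($siteName) . '">'
        . '<script>var siteName = ' . esc_js($siteName) . ';</script>';
}

// The value from the advisory's PoC, as it would come back from storage.
$stored = '<img src="" onerror="alert(\'XSS\')"/>';

echo render_header_unsafe($stored), PHP_EOL; // markup reaches the browser intact
echo render_header_safe($stored), PHP_EOL;   // rendered as inert text
```

Encoding belongs at every output site because a persistent value like this is rendered on many pages, and a single unencoded sink is enough to reintroduce the issue.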