Home > Vulnerability Database > CVE-2018-20328

Mend.io Vulnerability Database

CVE-2018-20328

Date: December 21, 2018

Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators. This is considered "low risk" due to the nature of the feature it exploits.

Language: PHP

Severity Score

5.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-20328

Url: https://github.com/chamilo/chamilo-lms/commit/5e61c2b0fcc938ca687b8d4e593b1500aa52a034

Url: https://support.chamilo.org/projects/1/wiki/Security_issues#Issue-32-2018-11-28-Low-risk-More-XSS-and-path-disclosure-issues

Url: https://www.mend.io/vulnerability-database/CVE-2018-20328

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-20328

Date: December 21, 2018

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?