CVE-2024-30618

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Nov 4, 2024
Updated: Nov 5, 2024
CWE ID 79

Summary

CVE-2024-30618 is a newly identified Stored Cross-Site Scripting (XSS) vulnerability affecting Chamilo Learning Management System version 1.11.26. This issue permits a remote attacker to inject and execute arbitrary JavaScript code in a victim's web browser by manipulating the 'content' parameter in 'group_topics.php'. By exploiting this vulnerability, adversaries can steal sensitive data, modify webpage content, or even take control of user sessions. This can lead to significant security risks, including potential data breaches and unauthorized access to sensitive information. It is essential that affected organizations or individuals apply the necessary security patches as soon as possible to mitigate the risks associated with this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share