Chamilo Learning Management System Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in Chamilo Learning Management System versions prior to 1.11.30. The issue resides in the session_category_add.php script, where improper sanitization of the Category Name field allows privileged users to inject persistent JavaScript payloads. These injected scripts are executed when accessing add_many_sessions_to_category.php, potentially compromising the sessions of administrative users.

Impact

Exploitation of this vulnerability results in stored cross-site scripting: the injected JavaScript runs in the browser of any user who views the vulnerable page, with that user's privileges. Because the affected page is reached by administrators, the script can be used to hijack the sessions of other privileged users and to escalate attacks in multi-admin environments.

Reproduction

To reproduce this vulnerability, log in as an administrative user and navigate to session_category_add.php. In the Category Name field, insert a JavaScript payload, such as an image tag with an onerror attribute. After submitting the form, the injected script will execute when any privileged user accesses add_many_sessions_to_category.php.

Remediation

Upgrade to Chamilo version 1.11.30 or later, where this vulnerability has been patched. The underlying defect is that the stored Category Name is written into the HTML of add_many_sessions_to_category.php without output encoding, so the fix is to HTML-encode the value wherever it is rendered.
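To make the defect and its fix concrete, the following is an added PHP example, not Chamilo's own code and not the actual patch: it renders a stored category name the unsafe way (direct interpolation into HTML) next to the hardened way (htmlspecialchars on output), using a constructed sample value of the kind the advisory describes. Function names and the sample value are assumptions for illustration.

```php
<?php
// Added example (not Chamilo's code): unescaped vs. escaped rendering of a
// user-controlled category name.
declare(strict_types=1);

// Constructed sample: an image tag with an onerror attribute, the kind of value
// the advisory says can be stored in the Category Name field.
$storedCategoryName = '<img src=x onerror=alert(1)>';

// Vulnerable pattern: the stored value is concatenated straight into markup,
// so any tags it contains become part of the page and are executed.
function renderCategoryUnsafe(string $name): string
{
    return '<td>' . $name . '</td>';
}

// Hardened pattern: encode on output. ENT_QUOTES also encodes ' and ", so the
// same helper is safe inside quoted attribute values; the charset is stated
// explicitly so multi-byte sequences cannot be misinterpreted.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderCategorySafe(string $name): string
{
    return '<td>' . escapeHtml($name) . '</td>';
}

// The same rule applies when the value is echoed back into a form field
// (e.g. when the category is re-edited): attribute context, still encoded.
function renderNameInput(string $name): string
{
    return '<input type="text" name="name" value="' . escapeHtml($name) . '">';
}

echo renderCategoryUnsafe($storedCategoryName), PHP_EOL;
// <td><img src=x onerror=alert(1)></td>   (tag is live in the page)
echo renderCategorySafe($storedCategoryName), PHP_EOL;
// <td>&lt;img src=x onerror=alert(1)&gt;</td>   (rendered as literal text)
echo renderNameInput($storedCategoryName), PHP_EOL;
```

Output encoding at the rendering point is the primary fix; input-side filtering alone is a weaker control because the same stored value may be emitted in several contexts. Marking the session cookie HttpOnly and deploying a Content-Security-Policy that disallows inline script reduce the impact of any XSS that does slip through, but they do not replace encoding.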

Added: Mar 2, 2026, 4:29 PM
Updated: Mar 2, 2026, 9:48 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 5.4
exploitability: 5.9
remediation: 7.7
relevance: 3.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.