CVE-2024-27524
published 2024-11-01
CVE-2024-27524: Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of…
Priority P432 · high · 7.1 · CVSS 3.1
AV:N · AC:H · PR:L · UI:R · S:U · C:H · I:H · A:H
EPSS: 0.70% (48.5th percentile)
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chamilo | chamilo_lms | — | — |
CVSS provenance
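| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| cisa | — | 9.8 | CRITICAL | — |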
GHSA
GHSA-hgcm-4hjv-p97p: Cross Site Scripting vulnerability in Chamilo LMS v
ghsa_unreviewed·2024-11-01
CVE-2024-27524 [HIGH] CWE-79 GHSA-hgcm-4hjv-p97p: Cross Site Scripting vulnerability in Chamilo LMS v
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component.
CISA
Apache Superset Insecure Default Initialization of Resource Vulnerability
cisa·2024-01-08·CVSS 9.8
CVE-2023-27524 [HIGH] CWE-1188 Apache Superset Insecure Default Initialization of Resource Vulnerability
Vulnerability: Apache Superset Insecure Default Initialization of Resource Vulnerability
Affected: Apache Superset
Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk; https://nvd.nist.gov/vuln/detail/CVE-2023-27524
Remediation Due Date: 2024-01-29
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.