# Exploit Title: Chamilo LMS 1.11.14 - Account Takeover # Date: July 21 2021 # Exploit Author: sirpedrotavares # Vendor Homepage: https://chamilo.org # Software Link: https://chamilo.org # Version: Chamilo-lms-1.11.x # Tested on: Chamilo-lms-1.11.x # CVE: CVE-2021-37391 #Publication: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities Description: A user without privileges in Chamilo LMS 1.11.x can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature. . CVE ID: CVE-2021-37391 CVSS: Medium - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N URL: https://gitbook.seguranca-informatica.pt/cve-and-exploits/cves/chamilo-lms-1.11.14-xss-vulnerabilities Affected parameter: send private message - text field Payload: