CVE-2024-27524: Stored XSS in tickets
Severity: High (Base Score 7.1)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Mitigation: Upgrade to Chamilo LMS 1.11.28 and above.
Patch: https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a

CVE-2024-27525: Self XSS in social network
Base Score: Medium (Base Score 4.6)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Mitigation: Upgrade to Chamilo LMS 1.11.28 and above.
Patch: https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c

Overview

This advisory covers the discovery of two vulnerabilities within Chamilo LMS, an open-source learning management system (LMS) widely used across educational institutions. These vulnerabilities—stored cross-site scripting (Stored XSS) and self-cross-site scripting (Self XSS)—pose different levels of security risks but highlight critical considerations for secure system administration and user protection.

Summary

Wi-Fi hacking is often synonymous with WPA/WPA2 PSK attacks, one of the most popular ways hackers attempt to compromise wireless networks. These attacks take advantage of weak pre-shared keys (passwords) by capturing a crucial piece of data known as the 4-way handshake during the network authentication process. Once captured, this data can be cracked using dictionary or brute-force attacks to reveal the network's password.

The attack methodology involves several steps, starting from identifying the target network, capturing traffic, and forcing devices on the network to disconnect (using a deauthentication attack), all the way to cracking the captured handshake with tools like aircrack-ng. By generating custom wordlists with tools like CUPP and rsmangler, attackers can tailor their brute-force attempts to the specific target. This guide will walk you through the entire process, detailing the tools, techniques, and commands used, while also explaining how to secure your own net