CVE-2021-43687: chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.p...
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
Security readout for executives and security teams
Plain-English summary
CVE-2021-43687 is a reported low-risk cross-site scripting issue in Chamilo LMS 1.11.14. The affected area is the jCapture plugin endpoint /plugin/jcapture/applet.php, involving attacker-controlled cookie input. Business urgency is limited unless exposed Chamilo instances still run this version and plugin.
Executive priority
Handle through normal vulnerability management unless the affected plugin is internet-facing on an unsupported Chamilo deployment. Prioritize confirmation and vendor-guided upgrade over emergency response.
Technical view
The public record describes XSS in chamilo-lms v1.11.14 at /plugin/jcapture/applet.php when a crafted cookie value is processed through message hex2bin handling. The bundle does not provide CVSS, CWE, exploit maturity, or a named fixed version.
Likely exposure
Likely exposure is Chamilo LMS 1.11.14 deployments where the jCapture plugin endpoint is present and reachable. The source bundle does not establish affected status for other versions or products.
Exploitation context
No CISA KEV listing is provided, and the source bundle does not cite active exploitation. Treat this as a plausible user-session risk typical of XSS, not confirmed widespread exploitation.
Researcher notes
Evidence is thin: the CVE description names version 1.11.14, the jCapture path, and cookie-based XSS behavior, while Chamilo labels the issue low impact and low risk. No CVSS vector, patch version, or exploitation evidence is included.
Mitigation direction
Review Chamilo's security issue guidance for the supported fix or vendor-recommended action.
Inventory and prioritize any Chamilo LMS 1.11.14 systems.
Disable or restrict the jCapture plugin if unused and operationally safe.
Apply vendor-supported updates after confirming release guidance.
Monitor web logs for suspicious access to /plugin/jcapture/applet.php.
Validation and detection
Confirm whether Chamilo LMS 1.11.14 is deployed.
Check whether /plugin/jcapture/applet.php exists and is web-reachable.
Verify whether the jCapture plugin is enabled or required.
Review request logs for unusual cookies targeting the jCapture endpoint.
Document findings without testing exploit payloads in production.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2021-43687 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
1ADP providers
4Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Dec 1, 2021, 15:49 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.