chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
https://github.com/chamilo/chamilo-lms/tree/v1.11.14
https://github.com/chamilo/chamilo-lms/blob/v1.11.14/plugin/jcapture/applet.php