CVE-2025-52482 | THREATINT

Description

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

PUBLISHED Reserved 2025-06-17 | Published 2026-03-02 | Updated 2026-03-02 | Assigner GitHub_M

HIGH: 8.3CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 1.11.30

affected

References

github.com/...lo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4

github.com/...ommit/241c569dde0ad0e34d558ae51271f70438189b0e

github.com/...ommit/82cc07edd8ef316e6b36da7c501120d5c0aeb151

github.com/...ommit/f9150075246df4ed9755a4a150e25edb468767be

github.com/chamilo/chamilo-lms/releases/tag/v1.11.30

cve.org (CVE-2025-52482)

nvd.nist.gov (CVE-2025-52482)

Download JSON