CVE-2025-26153

MEDIUM

Chamilo LMS 1.11.28 - Stored Cross-Site Scripting in Message Compose Feature


Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-26153. PoCs published by mexeck88.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept for CVE-2025-26153, demonstrating a stored XSS vulnerability in Chamilo LMS (<= v2.0) that can be exploited for privilege escalation. The PoC includes a Python script to generate a custom payload and detailed steps to execute the attack.

Description

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.

Exploits (1)

nomisec · WORKING POC
by mexeck88 · PoC
https://github.com/mexeck88/CSRF-via-stored-XSS-for-PrivEsc


Classification: Working PoC (95%)
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Chamilo LMS <= v2.0
Auth required: yes
Prerequisites: Access to a Chamilo LMS account · Ability to create forum threads · Admin user interaction with the malicious thread
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 5.4
EPSS: 0.0028
EPSS Percentile: 19.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Published: Apr 16, 2025
Tracked Since: Feb 18, 2026