CVE-2025-52482
HIGHChamilo LMS < 1.11.30 - Authenticated Stored Cross-Site Scripting in Glossary Function
Title source: llmDescription
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4
Patch x_refsource_misc
https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0e
Patch x_refsource_misc
https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151
Patch x_refsource_misc
https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767be
Release Notes x_refsource_misc
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
Scores
CVSS v3
8.3
EPSS
0.0037
EPSS Percentile
28.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (1)
chamilo/chamilo_lms
< 1.11.30
Published
Mar 02, 2026
Tracked Since
Mar 02, 2026