CVE-2025-52563

MEDIUM

Chamilo <1.11.30 - XSS

Title source: llm

Description

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/add_users_to_session.php endpoint. This issue has been patched in version 1.11.30.

References (2)

[Vendor Advisory] https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-h3m8-53j3-xjx8

[Release Notes] https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 10.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-80 CWE-87

Status published

Products (1)

chamilo/chamilo_lms < 1.11.30

Published Mar 02, 2026

Tracked Since Mar 02, 2026