


Perceptive Security
SOC/SIEM Consultancy

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teach…
Published: 1 March 2026 at 23:00:00
Alert date: 2 March 2026 at 16:01:55
Source: nvd.nist.gov
Web Technologies, Enterprise Applications
A stored cross-site scripting (XSS) vulnerability has been discovered in the Chamilo learning management system prior to version 1.11.30. The vulnerability exists in the glossary function and allows users with Teacher role privileges to inject malicious JavaScript code that can target administrators. This is a privilege escalation vector: lower-privileged users can potentially compromise administrator accounts. The vulnerability is addressed in Chamilo version 1.11.30, with multiple commits providing the necessary patches.
Affected products: Chamilo LMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-52482
https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0e
https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151
https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767be
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4
This article was created with the assistance of AI technology by Perceptive.
