top of page
perceptive_background_267k.jpg

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw o…

Published:

1 maart 2026 om 23:00:00

Alert date:

2 maart 2026 om 21:08:05

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Enterprise Applications

A stored cross-site scripting (XSS) vulnerability exists in Chamilo learning management system prior to version 1.11.30. The flaw occurs during CSV file import of user data due to insufficient input validation and sanitization of the Last Name, First Name, and Username fields. Attackers can inject malicious XSS payloads that execute when user profiles are viewed by authenticated users. The vulnerability allows for malicious script execution in the context of authenticated users. This security issue has been addressed and patched in Chamilo version 1.11.30.

Technical details

Mitigation steps:

Affected products:

Chamilo LMS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2025-52468
https://github.com/chamilo/chamilo-lms/commit/790ef513aceacae6fe5b6641145901f04c7992dd
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-hc3c-8p55-xh4r

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page