QwikSec

Security Database

CVE

CWE

Training

CVE-2025-52482

Published: Mar 2, 2026

Modified: Mar 2, 2026

PUBLISHED

CVSS v3.1

8.3

HIGH

Description

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Vendor	Product	Versions
chamilo	chamilo-lms	affected `< 1.11.30`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

Low

References

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4

x_refsource_CONFIRM

https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0e

x_refsource_MISC

https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151

x_refsource_MISC

https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767be

x_refsource_MISC

https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.