QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-52564

Back to search

CVE-2025-52564

Published: Mar 2, 2026

Modified: Mar 2, 2026

PUBLISHED

Description

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.

VendorProductVersions

chamilo

chamilo-lms

affected
< 1.11.30

Weaknesses (CWE)

CWE-80

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now