Vulnerability Description
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8
- https://github.com/chamilo/chamilo-lms/commit/beb07770d674fcc9db6df0e59aab107678
- https://github.com/chamilo/chamilo-lms/commit/d5c29cf39ac30d7364a52bba4036c3e870
- https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8
FAQ
What is CVE-2025-26153?
CVE-2025-26153 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply...
How severe is CVE-2025-26153?
CVE-2025-26153 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-26153?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.