Vulnerability Description
Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chamilo | Chamilo Lms | < 1.11.30 |
Related Weaknesses (CWE)
References
- https://github.com/chamilo/chamilo-lms/commit/790ef513aceacae6fe5b6641145901f04cPatch
- https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30ProductRelease Notes
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-hc3c-8p55-xh4rExploitVendor Advisory
FAQ
What is CVE-2025-52468?
CVE-2025-52468 is a vulnerability with a CVSS score of 8.8 (HIGH). Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization o...
How severe is CVE-2025-52468?
CVE-2025-52468 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52468?
Check the references section above for vendor advisories and patch information. Affected products include: Chamilo Chamilo Lms.