Vulnerability Description
Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chamilo | Chamilo Lms | < 1.11.30 |
Related Weaknesses (CWE)
References
- https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438Patch
- https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0Patch
- https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb46Patch
- https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30ProductRelease Notes
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4ExploitMitigationVendor Advisory
FAQ
What is CVE-2025-52482?
CVE-2025-52482 is a vulnerability with a CVSS score of 8.3 (HIGH). Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious ...
How severe is CVE-2025-52482?
CVE-2025-52482 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-52482?
Check the references section above for vendor advisories and patch information. Affected products include: Chamilo Chamilo Lms.