Description

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Remediation

References

CVE-2025-52482

Related Vulnerabilities

WordPress Plugin Pinpoint Booking System-#1 WordPress Booking SQL Injection (2.0)

Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2009-3555)

Oracle JRE CVE-2013-1569 Vulnerability (CVE-2013-1569)

Drupal Other Vulnerability (CVE-2006-0070)

WordPress Plugin Participants Database Multiple Vulnerabilities (1.7.5.3)

Severity

High

Classification

CVE-2025-52482 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Tags

Missing Update Known Vulnerabilities