Description

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.

Remediation

References

CVE-2025-52564

Related Vulnerabilities

PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32028)

Vanilla Forums Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18903)

WordPress Plugin Improved Sale Badges for WooCommerce Security Bypass (4.3.2)

Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21696 )

WordPress Plugin Contact Form for WordPress-Ultimate Form Builder Lite Multiple Cross-Site Scripting Vulnerabilities (1.3.2)

Severity

Medium

Classification

CVE-2025-52564 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities