CVE-2025-52468 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: March 2, 2026
Chamilo - Stored XSS
Published: March 2, 2026 | Updated: March 2, 2026 | Remote Exploitable
Overview
Chamilo versions before 1.11.30 contain a stored XSS vulnerability caused by insufficient sanitization of user data in the "Last Name", "First Name", and "Username" fields during CSV import. This lets attackers execute scripts in the context of an authenticated user. Exploitation requires that the affected user profile be viewed.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can execute malicious scripts in authenticated users' browsers, potentially stealing data or performing actions on their behalf.
Mitigation
Update to version 1.11.30 or later.
Details
- CVE ID: CVE-2025-52468
- Severity: High
- CVSS Score: 8.8
- Type: stored_xss
- Status: unconfirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H