CVE-2025-52482 - Vulnerability Analysis
HighCVSS: 8.3Last Updated: March 3, 2026
Chamilo - Stored XSS
Overview
Chamilo < 1.11.30 contains a stored XSS caused by improper sanitization in the glossary function, letting users with Teachers role inject malicious JavaScript against administrators, exploit requires Teacher role.
Severity & Score
Impact
Attackers with Teacher role can execute malicious JavaScript in administrator's browser, potentially leading to session hijacking or further attacks.
Mitigation
Update to version 1.11.30 or later.
References
- https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4
- https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0e
- https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151
- https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767be
Social Media Activity(1 post)
š CVE-2025-52482 - High (8.3) Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has ... š https://www.thehackerwire.com/vulnerability/CVE-2025-52482/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-52482
- Severity
- High
- CVSS Score
- 8.3
- Type
- stored_xss
- Status
- confirmed
- EPSS
- 3.8%
- Social Posts
- 1
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L