ByteOS Network

NVD Vulnerability Details :

CVE-2025-26153

Awaiting Analysis

Source-cve@mitre.org

Published At-16 Apr, 2025 | 21:15

Updated At-18 Apr, 2025 | 12:15

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-79

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8	cve@mitre.org	N/A
https://github.com/chamilo/chamilo-lms/commit/beb07770d674fcc9db6df0e59aab107678c28682	cve@mitre.org	N/A
https://github.com/chamilo/chamilo-lms/commit/d5c29cf39ac30d7364a52bba4036c3e870412066	cve@mitre.org	N/A
https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A