ByteOS Network

NVD Vulnerability Details :

CVE-2025-52482

Received

Source-security-advisories@github.com

Published At-02 Mar, 2026 | 15:16

Updated At-02 Mar, 2026 | 15:16

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Type: Secondary

Version: 3.1

Base score: 8.3

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	security-advisories@github.com

CWE ID: CWE-79

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0e	security-advisories@github.com	N/A
https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151	security-advisories@github.com	N/A
https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767be	security-advisories@github.com	N/A
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30	security-advisories@github.com	N/A
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4	security-advisories@github.com	N/A