PT-2026-22615 · Chamilo · Chamilo

Published 2026-03-02 · Updated 2026-03-07 · CVE-2025-52468

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Chamilo versions prior to 1.11.30

Description

Chamilo, a learning management system, contains an input validation issue when importing user data from CSV files. Insufficient sanitization of the "Last Name", "First Name", and "Username" fields allows for the injection of a stored cross-site scripting (XSS) payload. This payload is triggered when a user profile is viewed, potentially leading to malicious script execution within the context of an authenticated user. The vulnerable code does not properly validate user-supplied data during the import process.

Recommendations

Update to version 1.11.30 or later to address this vulnerability.
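
The following is an added example, not Chamilo's code and not part of the advisory: a pre-import audit in Python that rejects CSV rows whose name or username fields fall outside an allowlist and reports the rejected values HTML-escaped. The column headers (`LastName`, `FirstName`, `UserName`), the semicolon delimiter, the allowlist patterns and the sample rows are assumptions constructed for illustration.

```python
import csv
import html
import io
import re

# Assumed column headers for the three fields the advisory names.
AUDITED_FIELDS = ("LastName", "FirstName", "UserName")

# Assumed allowlists: letters (any script) joined by space, apostrophe, dot or
# hyphen for names; a stricter ASCII set for usernames.
NAME_RE = re.compile(r"[^\W\d_]+(?:[ '.\-][^\W\d_]+)*")
USERNAME_RE = re.compile(r"[A-Za-z0-9._@\-]{1,100}")


def audit_import(csv_text, delimiter=";"):
    """Return (clean_rows, findings); findings are (line_no, field, escaped_value)."""
    clean, findings = [], []
    reader = csv.DictReader(io.StringIO(csv_text), delimiter=delimiter)
    for row in reader:
        bad = []
        for field in AUDITED_FIELDS:
            value = (row.get(field) or "").strip()
            pattern = USERNAME_RE if field == "UserName" else NAME_RE
            if not pattern.fullmatch(value):
                # Escape before reporting so the report is safe to view in a browser.
                bad.append((reader.line_num, field, html.escape(value, quote=True)))
        if bad:
            findings.extend(bad)
        else:
            clean.append(row)
    return clean, findings


# Constructed sample import file: line 2 is benign, line 3 carries markup in LastName.
SAMPLE = (
    "LastName;FirstName;UserName;Email\n"
    "O'Brien;Anne-Marie;aobrien;anne@example.org\n"
    "<script>alert(1)</script>;Bob;bob;bob@example.org\n"
)

if __name__ == "__main__":
    rows, issues = audit_import(SAMPLE)
    print(f"{len(rows)} row(s) safe to import")
    for line_no, field, shown in issues:
        print(f"line {line_no}: rejected {field} = {shown}")
```

Allowlisting at import complements output encoding when the profile is rendered; neither replaces the update to 1.11.30.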

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-52468
GHSA-HC3C-8P55-XH4R

Affected Products

Chamilo