CVE-2025-52470

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.30

Description A stored cross-site scripting (XSS) issue exists in the 'session category add.php' script. Improper sanitization of the Category Name field allows privileged users to inject persistent JavaScript payloads. These scripts are executed when accessing 'add many sessions to category.php', which can lead to the compromise of administrative sessions.

Recommendations Update to version 1.11.30.