PT-2026-22621 · Chamilo · Chamilo
Published: 2026-03-02 · Updated: 2026-03-02
CVE-2025-52564
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Chamilo versions prior to 1.11.30
Description
Chamilo is a learning management system. The help.php file does not properly sanitize user-supplied input in the `open` parameter, which allows an attacker to inject arbitrary HTML through a specially crafted URL.
Recommendations
Update to version 1.11.30 or later.
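To review whether the `open` parameter of help.php has received markup on an installation, access logs can be searched for requests whose `open` value decodes to HTML characters. This is an added example, not part of the advisory or of Chamilo's code; the combined log format, the request paths and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry (format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to build markup; unexpected in a help-topic name.
MARKUP_RE = re.compile(r'[<>"]')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_open_values(log_lines):
    """Return (line_number, decoded_value) for help.php requests whose
    'open' parameter contains markup characters after decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/help.php"):
            continue
        # parse_qs performs the first round of percent-decoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("open", []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2026:10:00:01 +0000] "GET /help.php?open=Home HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Mar/2026:10:02:17 +0000] "GET /help.php?open=%3Ch1%3Enotice%3C%2Fh1%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [02/Mar/2026:10:02:19 +0000] "GET /help.php?open=%253Cb%253Ex%253C%252Fb%253E HTTP/1.1" 200 5290',
    '192.0.2.51 - - [02/Mar/2026:10:05:40 +0000] "GET /index.php?open=%3Cb%3E HTTP/1.1" 200 811',
]

if __name__ == "__main__":
    for number, value in suspicious_open_values(SAMPLE_LOG):
        print(f"line {number}: open={value!r}")
```

Hits are leads for triage, not proof of impact: a match shows that markup was submitted, not that it was rendered to a user.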
XSS
Affected Products
Chamilo