CVE-2025-55289

Name of the Vulnerable Software and Affected Versions Chamilo versions prior to 1.11.34

Description Chamilo is a learning management system with a stored cross-site scripting (XSS) issue. The issue exists in the platform’s social network and internal messaging features. An attacker can inject arbitrary JavaScript code that executes in the browser of an authenticated user, including administrators, when they view the injected content. This can lead to full account takeover through session hijacking, unauthorized actions, and potential data theft. The vulnerable code is present in versions prior to 1.11.34.

Recommendations Update to version 1.11.34 or later.