ГлавнаяУязвимости → CVE-2025-52482
8.3высокая

CVE-2025-52482

Описание

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Затрагиваемое ПО
Chamilo Chamilo lms
CVSS
Балл8.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Источники
https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0ehttps://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767behttps://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4