Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-26153

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.

Published

2025-04-16T21:15:46.770

Last Modified

2025-04-18T12:15:15.033

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

References

https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8 ([email protected])
https://github.com/chamilo/chamilo-lms/commit/beb07770d674fcc9db6df0e59aab107678c28682 ([email protected])
https://github.com/chamilo/chamilo-lms/commit/d5c29cf39ac30d7364a52bba4036c3e870412066 ([email protected])
https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8 (134c704f-9b21-4f2e-91b3-4a467353bcc0)