216.73.217.64

CVE-2025-55289

· Published 06/03/2026 04:16 · Modified 06/03/2026 04:16

Labels: CVE-2025-55289 2026-03-06CVE-2025-55289CWE-79[email protected]

Essential information

Published
06/03/2026 04:16
Modified
06/03/2026 04:16
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the platform’s social network and internal messaging features. When viewed by an authenticated user (including administrators), the payload executes in their browser within the LMS context. This enables full account takeover via session hijacking, unauthorized actions with the victim’s privileges, exfiltration of sensitive data, and potential self-propagation to other users. This issue has been patched in version 1.11.34.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
chamilo / chamilo lms cpe:2.3:a:chamilo:chamilo_lms:<1.11.34:*:*:*:*:*:*:*

References