CVE-2025-52564

MEDIUM
2026-03-02 [email protected]
6.1
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch Released
Mar 03, 2026 - 18:21 nvd
Patch available
CVE Published
Mar 02, 2026 - 16:16 nvd
MEDIUM 6.1

Tags

PHP Chamilo Lms

Description

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.

Analysis

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. [CVSS 6.1 MEDIUM]

Technical Context

Classified as CWE-80 (Basic XSS). Affects Chamilo Lms. Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.

Affected Products

Vendor: Chamilo. Product: Chamilo Lms. Versions: up to 1.11.30.

Remediation

A vendor patch is available — apply it immediately. Fixed in version 1.11.30.. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Priority Score

31
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +30
POC: 0

Share

CVE-2025-52564 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy