Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-52468 - Vulnerability Database

Chamilo

Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-52468

Medium

Reference: CVE-2025-52468

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-52468

Title: Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Chamilo is a learning management system. Prior to version 1.11.30 an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data specifically in the quotLast Namequot quotFirst Namequot and quotUsernamequot fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30.