Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-55208 - Vulnerability Database

Chamilo

Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2025-55208

Critical

Reference: CVE-2025-55208

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2025-55208

Title: Chamilo Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Chamilo is a learning management system. Versions prior to 1.11.34 have a Stored XSS through insecure file uploads in Social Networks. Through it a low-privilege user can execute arbitrary code in the admin user inbox allowing takeover of the admin account. Version 1.11.34 fixes the issue.