Description

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScript payloads. The injected script is later executed when accessing add_many_sessions_to_category.php, potentially compromising administrative sessions. This issue has been patched in version 1.11.30.

INFO

Published Date :

2026-03-02T15:48:36.575Z

Last Modified :

2026-03-02T20:01:06.911Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52470 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52470.

URL Resource
https://github.com/chamilo/chamilo-lms/commit/ead79db4eb034b8c11a3d6036759d083de37530c cve-icon cve-icon
https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30 cve-icon cve-icon
https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-p4m6-gwhg-x89f cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact