CVE-2025-52468

{"id": "CVE-2025-52468", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-52468", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-03-02T20:21:08.403388Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "chamilo", "product": "chamilo-lms", "versions": [{"status": "affected", "version": "< 1.11.30"}]}]}], "published": "2026-03-02T16:16:21.170", "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/790ef513aceacae6fe5b6641145901f04c7992dd", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-hc3c-8p55-xh4r", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the \"Last Name\", \"First Name\", and \"Username\" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30."}, {"lang": "es", "value": "Chamilo es un sistema de gesti\u00f3n del aprendizaje. Antes de la versi\u00f3n 1.11.30, existe una vulnerabilidad de validaci\u00f3n de entrada al importar datos de usuario desde archivos CSV. Este fallo ocurre debido a una sanitizaci\u00f3n insuficiente de los datos de usuario, espec\u00edficamente en los campos 'Apellido', 'Nombre' y 'Nombre de usuario'. Permite a los atacantes inyectar una carga \u00fatil de cross-site scripting (XSS) almacenada que se activa cuando se visualiza el perfil del usuario, lo que podr\u00eda llevar a la ejecuci\u00f3n de scripts maliciosos en el contexto del uso autenticado. Este problema ha sido parcheado en la versi\u00f3n 1.11.30."}], "lastModified": "2026-06-17T09:36:32.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3963F8D-F787-4A44-90A3-9F26F9E480AA", "versionEndExcluding": "1.11.30"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}