CVE-2025-52482

{"id": "CVE-2025-52482", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-52482", "role": "CISA Coordinator", "options": [{"exploitation": "poc"}, {"automatable": "no"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-03-02T19:22:36.084802Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.7}]}, "affected": [{"source": "security-advisories@github.com", "affectedData": [{"vendor": "chamilo", "product": "chamilo-lms", "versions": [{"status": "affected", "version": "< 1.11.30"}]}]}], "published": "2026-03-02T15:16:30.990", "references": [{"url": "https://github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0e", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767be", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30."}, {"lang": "es", "value": "Chamilo es un sistema de gesti\u00f3n del aprendizaje. Antes de la versi\u00f3n 1.11.30, existe una vulnerabilidad de XSS Almacenado en la funci\u00f3n de glosario, que permite a todos los usuarios con el rol de Profesor inyectar c\u00f3digo JavaScript malicioso contra el administrador. Este problema ha sido parcheado en la versi\u00f3n 1.11.30."}], "lastModified": "2026-06-17T09:36:34.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3963F8D-F787-4A44-90A3-9F26F9E480AA", "versionEndExcluding": "1.11.30"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}