Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026

Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php

CVE-2025-52482

Description

Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious code against the administrator. This issue has been patched in version 1.11.30.

Affected products

Chamilo/Chamilo Lmsv5
Range: < 1.11.30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/chamilo/chamilo-lms/commit/241c569dde0ad0e34d558ae51271f70438189b0emitrex_refsource_MISC
github.com/chamilo/chamilo-lms/commit/82cc07edd8ef316e6b36da7c501120d5c0aeb151mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/commit/f9150075246df4ed9755a4a150e25edb468767bemitrex_refsource_MISC
github.com/chamilo/chamilo-lms/releases/tag/v1.11.30mitrex_refsource_MISC
github.com/chamilo/chamilo-lms/security/advisories/GHSA-4wcp-3rh3-7wm4mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000