3 matches found
EUVD-2025-208336
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course description field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript code in the...
CVE-2025-59543 Chamilo: Account Takeover via Stored XSS in Course Description
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course description field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript code in the...
CVE-2025-59543
CVE-2025-59543 describes a stored XSS in Chamilo LMS prior to version 1.11.34. An attacker with a low-privilege account (e.g., trainer) can inject malicious JavaScript into the course description, which executes in other users’ browsers (including admins) and can exfiltrate session cookies/tokens...