15 matches found
CVE-2026-30882 Chamilo LMS: Reflected XSS in the session category listing page
Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $REQUEST is echoed directly into an HTML href attribute without any encoding or...
CVE-2026-30882 Chamilo LMS: Reflected XSS in the session category listing page
Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $REQUEST is echoed directly into an HTML href attribute without any encoding or...
CVE-2026-30882 Chamilo LMS: Reflected XSS in the session category listing page
Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting XSS vulnerability in the session category listing page. The keyword parameter from $REQUEST is echoed directly into an HTML href attribute without any encoding or...
CVE-2026-30882
Chamilo LMS (versions ...). The issue is triggered when pagination controls render (more than 20 session categories). A fix is available in version 1.11.36, which patches this vulnerability. If you cannot upgrade, apply an input sanitization/encoding workaround for the affected parameter and revi...
CVE-2025-52470
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
CVE-2025-52470 Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
CVE-2025-52470 Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
CVE-2025-52470 Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
CVE-2025-52470
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
CVE-2025-52470
CVE-2025-52470 affects Chamilo LMS prior to version 1.11.30. It is a stored XSS vulnerability in session_category_add.php where improper sanitization of the Category Name allows privileged users to inject persistent JavaScript payloads. The injected script can execute when administrators access a...
PT-2026-22617
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the session category add.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent...
Chamilo 跨站脚本漏洞
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the category name field in the file sessioncategoryadd.php, which could allow privileged...
Design/Logic Flaw
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section...
CVE-2023-37065
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section...
Chamilo 跨站脚本漏洞
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo version 1.11.x through versions...