Chamilo LMS Stored Cross-Site Scripting Vulnerability in Social Networks Feature

Vulnerability

A stored cross-site scripting vulnerability has been identified in Chamilo LMS versions prior to 1.11.34. The issue arises from insecure file uploads in the 'Social Networks' feature. A low-privilege user can exploit it to have arbitrary script executed in the browser of an admin user viewing their inbox, potentially leading to a takeover of the admin account.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user viewing the affected social network or internal messaging features. This could result in session hijacking, unauthorized actions performed with the victim's privileges, exfiltration of sensitive data, and the possibility of spreading the attack to other users.

Remediation

Users can upgrade to Chamilo LMS version 1.11.34 to address this vulnerability.

Added: Mar 5, 2026, 9:26 PM
Updated: Mar 5, 2026, 9:26 PM

Vulnerability Rating

Custom Algorithm (score per category):

spread: 3.4
impact: 5.4
exploitability: 5.2
remediation: 7.7
relevance: 3.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.