CVE-2025-52564
Chamilo: HTML injection via open parameter
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.
| CWE | CWE-80 |
| Vendor | chamilo |
| Product | chamilo-lms |
| Published | Mar 2, 2026 |
| Last Updated | Mar 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for chamilo chamilo-lms
Be the first to know when new unknown vulnerabilities affecting chamilo chamilo-lms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
chamilo / chamilo-lms
< 1.11.30
References
github.com: https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-6fmm-qrx4-wgqc github.com: https://github.com/chamilo/chamilo-lms/commit/083b1d2b0c29b0cc0313a28165ad47bebae9dcb2 github.com: https://github.com/chamilo/chamilo-lms/commit/1ee2d8bb61b67e08946cd80b1a9b92c1a9959c7b github.com: https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30