CVE-2025-26153: XSS
First published: Wed Apr 16 2025(Updated: )
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chamilo LMS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-26153?
CVE-2025-26153 is classified as a high-severity Stored XSS vulnerability affecting Chamilo LMS.
How do I fix CVE-2025-26153?
To fix CVE-2025-26153, update Chamilo LMS to version 1.11.29 or later, which addresses the vulnerability.
Who is affected by CVE-2025-26153?
Administrators and other users who interact with the message compose feature in Chamilo LMS 1.11.28 are affected by CVE-2025-26153.
What type of attacks can be executed using CVE-2025-26153?
CVE-2025-26153 allows attackers to inject malicious scripts that execute when victims reply to messages within Chamilo LMS.
Is CVE-2025-26153 a remote or local vulnerability?
CVE-2025-26153 is a remote vulnerability that can be exploited by attackers without physical access to the affected system.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/source
- agent/author
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- vendor/chamilo
- canonical/chamilo lms