fkie_cve-2025-26153
Vulnerability from fkie_nvd
Published
2025-04-16 21:15
Modified
2025-04-18 12:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
References
cve@mitre.orghttps://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8
cve@mitre.orghttps://github.com/chamilo/chamilo-lms/commit/beb07770d674fcc9db6df0e59aab107678c28682
cve@mitre.orghttps://github.com/chamilo/chamilo-lms/commit/d5c29cf39ac30d7364a52bba4036c3e870412066
134c704f-9b21-4f2e-91b3-4a467353bcc0https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de XSS almacenado en la funci\u00f3n de redacci\u00f3n de mensajes de Chamilo LMS 1.11.28. Los atacantes pueden inyectar scripts maliciosos en los mensajes, que se ejecutan cuando las v\u00edctimas, como los administradores, responden al mensaje."
    }
  ],
  "id": "CVE-2025-26153",
  "lastModified": "2025-04-18T12:15:15.033",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-04-16T21:15:46.770",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/chamilo/chamilo-lms/commit/beb07770d674fcc9db6df0e59aab107678c28682"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/chamilo/chamilo-lms/commit/d5c29cf39ac30d7364a52bba4036c3e870412066"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "url": "https://gist.github.com/NoSpaceAvailable/234acdf57b5d7b29b2f39090c1686bc8"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.