Stored XSS Vulnerability in Chamilo LMS Messaging Feature
CVE-2025-26153

Currently unrated

Key Information:

Vendor: Chamilo

CVE Published: 16 April 2025

What is CVE-2025-26153?

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS, specifically in version 1.11.28. This vulnerability allows attackers to inject malicious scripts into messages that are stored on the server. When a victim, such as an administrator, replies to the message, these scripts can execute in their browser context, potentially leading to unauthorized actions or data theft. It is crucial for users of this platform to be aware of this vulnerability and implement necessary mitigations.

Timeline

  • Vulnerability published
