Stored XSS Vulnerability in Chamilo LMS Messaging Feature
CVE-2025-26153
Currently unrated
What is CVE-2025-26153?
A stored cross-site scripting (XSS) vulnerability exists in the message compose feature of Chamilo LMS, specifically in version 1.11.28. It allows attackers to inject malicious scripts into messages that are stored on the server. When a victim, such as an administrator, replies to the message, these scripts can execute in the victim's browser context, potentially leading to unauthorized actions or data theft. Users of this platform should be aware of this vulnerability and implement the necessary mitigations.
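The following PHP sketch is an added illustration, not Chamilo code: it shows the general pattern behind a stored XSS in a reply view, the output-encoded form, and a coarse audit check for messages already stored. The function names, the message fields and the sample row are hypothetical, and it assumes the reply page echoes the stored subject and body back into HTML.

```php
<?php
// Added illustration; not Chamilo code. All names and sample data are hypothetical.

// Constructed sample: a message row as saved by a compose form.
$stored = [
    'sender'  => 'student42',
    'subject' => 'Question <about> grades',
    'body'    => "Hello,\n<script>document.title='xss'</script>",
];

// Vulnerable pattern: stored fields are concatenated into the reply page as-is,
// so any markup they contain is parsed by the browser of whoever replies.
function renderReplyUnsafe(array $m): string
{
    return '<h2>Re: ' . $m['subject'] . '</h2>'
         . '<blockquote>' . $m['body'] . '</blockquote>';
}

// Encode a stored value for an HTML text or attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field is encoded at output time,
// so the browser shows the markup as text instead of executing it.
function renderReplySafe(array $m): string
{
    return '<h2>Re: ' . h($m['subject']) . '</h2>'
         . '<blockquote>' . nl2br(h($m['body'])) . '</blockquote>';
}

// Triage heuristic for rows already in the message store: flags script-capable
// tags, inline event handlers and javascript: URLs. Expect false positives;
// it is a starting point for review, not a sanitizer.
function hasActiveContent(string $html): bool
{
    return (bool) preg_match(
        '/<\s*(script|iframe|object|embed|svg)\b|\bon\w+\s*=|javascript\s*:/i',
        $html
    );
}

echo renderReplyUnsafe($stored), PHP_EOL;
echo renderReplySafe($stored), PHP_EOL;
var_dump(hasActiveContent($stored['body']));
```

Where messages must keep rich-text formatting, encoding alone is too strict and an allow-list HTML sanitizer applied before rendering takes its place.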