CVE-2025-52564

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-52564

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52564.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-52564

Aliases

GHSA-6fmm-qrx4-wgqc

Published

2026-03-02T15:54:42.410Z

Modified

2026-03-02T19:55:08.040355Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Chamilo: HTML injection via open parameter

Details

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as underlined text, via a crafted URL. This issue has been patched in version 1.11.30.

Database specific

{
    "cwe_ids": [
        "CWE-80"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/52xxx/CVE-2025-52564.json"
}

References

Affected packages

Git / github.com/chamilo/chamilo-lms

Affected ranges

Type

GIT

Repo

https://github.com/chamilo/chamilo-lms

Events

Introduced

Fixed

f748d50e9e6f3d9262a7f9f7d76447d433c64170

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.30"
        }
    ]
}

Affected versions

1.*

1.10.x.pre-doctrine

Other

CHAMILO_1_10_DEV_ICPNA_20130114

CHAMILO_1_8_6_2_BETA_1

CHAMILO_1_8_6_2_STABLE

CHAMILO_1_8_6_2_STABLE_BIS

CHAMILO_1_8_6_2_STABLE_CUATER

CHAMILO_1_8_6_2_STABLE_TRIS

CHAMILO_1_8_7_1_STABLE_1

CHAMILO_1_8_7_1_STABLE_2

CHAMILO_1_8_7_ALPHA_1

CHAMILO_1_8_7_ALPHA_2

CHAMILO_1_8_7_BETA_1

CHAMILO_1_8_7_RC2

CHAMILO_1_8_7_RC_1

CHAMILO_1_8_7_STABLE

CHAMILO_1_8_7_STABLE_BIS

CHAMILO_1_8_8_2_RC_1

CHAMILO_1_8_8_2_STABLE

CHAMILO_1_8_8_2_STABLE_2

CHAMILO_1_8_8_2_STABLE_3

CHAMILO_1_8_8_4_BETA_1

CHAMILO_1_8_8_4_STABLE

CHAMILO_1_8_8_ALPHA

CHAMILO_1_8_8_BETA_1

CHAMILO_1_8_8_BETA_2

CHAMILO_1_8_8_BETA_3

CHAMILO_1_8_8_STABLE_1

CHAMILO_1_9_0_ALPHA_1

CHAMILO_1_9_0_ALPHA_2

CHAMILO_1_9_0_ALPHA_3

CHAMILO_1_9_0_ALPHA_4

CHAMILO_1_9_0_ALPHA_5

CHAMILO_1_9_0_ALPHA_6

CHAMILO_1_9_0_ALPHA_7

CHAMILO_1_9_0_PRE_ALPHA

CHAMILO_1_9_0_RC_1

CHAMILO_1_9_0_STABLE

CHAMILO_1_9_0_STABLE_2

CHAMILO_1_9_0_STABLE_3

CHAMILO_1_9_2_STABLE

CHAMILO_1_9_2_STABLE_BIS

CHAMILO_1_9_2_STABLE_QUARTER

CHAMILO_1_9_2_STABLE_TRIS

CHAMILO_1_9_4_ALPHA_1

CHAMILO_1_9_4_RC_1

CHAMILO_1_9_4_STABLE

CHAMILO_1_9_6_RC_1

CHAMILO_1_9_6_RC_2

CHAMILO_1_9_6_STABLE

CHAMILO_1_8_8.*

CHAMILO_1_8_8.3_STABLE_4

v1.*

v1.10.6-softaculous

v1.10.6-stable

v1.11.10

v1.11.12

v1.11.12-beta.1

v1.11.14

v1.11.14-beta.1

v1.11.18

v1.11.20

v1.11.20-beta.1

v1.11.22

v1.11.22-beta.1

v1.11.22-beta.2

v1.11.24

v1.11.26

v1.11.26-rc.1

v1.11.28

v1.11.30-rc.1

v1.11.6

v1.11.6-alpha.1

v1.11.8

v1.8.6.1

v1.9.10

v1.9.10.2

v1.9.8

v1.9.8.1

v1.9.8.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-52564.json"