{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T10:40:02.832","vulnerabilities":[{"cve":{"id":"CVE-2025-52468","sourceIdentifier":"security-advisories@github.com","published":"2026-03-02T16:16:21.170","lastModified":"2026-03-03T18:23:43.910","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the \"Last Name\", \"First Name\", and \"Username\" fields. It allows attackers to inject a stored cross-site scripting (XSS) payload that is triggered when the user profile is viewed, potentially leading to malicious script execution in the context of the authenticated use. This issue has been patched in version 1.11.30."},{"lang":"es","value":"Chamilo es un sistema de gestión del aprendizaje. Antes de la versión 1.11.30, existe una vulnerabilidad de validación de entrada al importar datos de usuario desde archivos CSV. Este fallo ocurre debido a una sanitización insuficiente de los datos de usuario, específicamente en los campos 'Apellido', 'Nombre' y 'Nombre de usuario'. Permite a los atacantes inyectar una carga útil de cross-site scripting (XSS) almacenada que se activa cuando se visualiza el perfil del usuario, lo que podría llevar a la ejecución de scripts maliciosos en el contexto del uso autenticado. Este problema ha sido parcheado en la versión 1.11.30."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11.30","matchCriteriaId":"A3963F8D-F787-4A44-90A3-9F26F9E480AA"}]}]}],"references":[{"url":"https://github.com/chamilo/chamilo-lms/commit/790ef513aceacae6fe5b6641145901f04c7992dd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-hc3c-8p55-xh4r","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}