Vulnerabilities ›

CVE-2025-52476

Medium

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/u

CWE-79 — Weakness Type

                    Published: Mar 2, 2026                      ·  Modified: Mar 5, 2026                      ·  Source: NVD                

CVSS v3

6.1

🔗 NVD Official

📄 Description (English)

🤖 AI Executive Summary

Chamilo LMS versions prior to 1.11.30 contain a reflected XSS vulnerability in the admin user list functionality due to improper sanitization of the keyword_active parameter. While the CVSS score is moderate (6.1), this vulnerability could allow attackers to execute malicious scripts in administrator browsers, potentially leading to unauthorized access or data theft. A patch is available and should be applied immediately to all affected Chamilo installations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 23, 2026 17:33

🇸🇦 Saudi Arabia Impact Assessment

Saudi educational institutions, government training centers, and private universities utilizing Chamilo LMS are at risk. The vulnerability primarily impacts administrative users who manage student accounts and system configurations. Affected sectors include: Ministry of Education (MOE) institutions, ARAMCO training divisions, banking sector training programs, and healthcare education centers. Compromise of admin accounts could lead to unauthorized student record modifications, credential theft, or lateral movement within institutional networks.

🏢 Affected Saudi Sectors

Education (Ministry of Education, Universities, Training Centers) Government (Training and Development Centers) Banking (Employee Training Programs) Healthcare (Medical Education and Training) Energy (ARAMCO Training Divisions) Telecommunications (STC Training Programs)

🎯 MITRE ATT&CK Techniques

T1598.003 - Phishing: Spearphishing Link T1566.002 - Phishing: Phishing - Spearphishing Link T1204.001 - User Execution: Malicious Link T1539 - Steal Web Session Cookie T1110.001 - Brute Force: Password Guessing

⚖️ Saudi Risk Score (AI)

6.8

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE: Identify all Chamilo LMS installations in your organization and verify current version numbers

2. PATCHING: Upgrade all instances to Chamilo version 1.11.30 or later immediately

3. PRE-PATCH MITIGATION: If immediate patching is not possible, restrict admin/user_list.php access to trusted IP addresses only using WAF or network ACLs

4. INPUT VALIDATION: Implement Web Application Firewall (WAF) rules to block requests containing script tags or suspicious characters in the keyword_active parameter

5. DETECTION: Monitor access logs for admin/user_list.php with unusual keyword_active parameter values containing script tags or encoded payloads

6. VERIFICATION: After patching, test the keyword_active parameter with XSS payloads to confirm sanitization is working

7. AUDIT: Review admin account activity logs for the past 30 days to identify any suspicious activities or unauthorized changes

🔧 خطوات المعالجة (العربية)

1. فوري: حدد جميع تثبيتات Chamilo LMS في مؤسستك والتحقق من أرقام الإصدارات الحالية

2. التصحيح: قم بترقية جميع الحالات إلى إصدار Chamilo 1.11.30 أو أحدث على الفور

3. التخفيف قبل التصحيح: إذا لم يكن التصحيح الفوري ممكناً، قيد الوصول إلى admin/user_list.php إلى عناوين IP الموثوقة فقط باستخدام WAF أو قوائم التحكم في الوصول

4. التحقق من الإدخال: تطبيق قواعد جدار الحماية لتطبيقات الويب لحجب الطلبات التي تحتوي على علامات البرامج النصية أو أحرف مريبة في معامل keyword_active

5. الكشف: مراقبة سجلات الوصول لـ admin/user_list.php بقيم معامل keyword_active غير العادية التي تحتوي على علامات البرامج النصية أو الحمولات المشفرة

6. التحقق: بعد التصحيح، اختبر معامل keyword_active باستخدام حمولات XSS للتأكد من أن التنظيف يعمل

7. التدقيق: راجع سجلات نشاط حساب المسؤول لآخر 30 يوماً لتحديد أي أنشطة مريبة أو تغييرات غير مصرح بها

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.14.2.1 - Information security requirements for system development and maintenance ECC 2024 A.14.3.1 - Testing of changes ECC 2024 A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

SAMA CSF ID.BE-5.1 - Organizational resilience objectives SAMA CSF PR.DS-6 - Data is protected from unauthorized access SAMA CSF DE.CM-1 - The network is monitored to detect potential cybersecurity events

🟡 ISO 27001:2022

ISO 27001:2022 A.8.1 - Organizational controls for information security ISO 27001:2022 A.14.2.1 - Secure development policy ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities

🟣 PCI DSS v4.0.1

PCI DSS 6.5.7 - Cross-site scripting (XSS) prevention

🔗 References & Sources 3

🔗

https://github.com/chamilo/chamilo-lms/commit/349062d31533d464feea78d41996bc0857f90f61

security-advisories@github.com

Patch

🔗

https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.30

security-advisories@github.com

Product Release Notes

🔗

https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-pqjc-rvr9-w8m2

security-advisories@github.com

Vendor Advisory

📦 Affected Products / CPE 1 entries

chamilo:chamilo_lms

📊 CVSS Score

6.1

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.1

CWECWE-79

Exploit No

Patch ✓ Yes

Published 2026-03-02

Source Feed nvd

🇸🇦 Saudi Risk Score

6.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-79

🏢 Vendor Advisories

🔗 https://github.com/chamilo/chamilo-lms/security/advi...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-52476

Introduce Yourself

Sign In Required