Platform
php
Component
chamilo-lms
Fixed in
1.11.35
CVE-2025-59543 describes a stored cross-site scripting (XSS) vulnerability affecting Chamilo LMS versions prior to 1.11.34. This vulnerability allows an attacker to inject malicious JavaScript code into course descriptions, potentially leading to account takeover. The vulnerability has been patched in version 1.11.34, and users are strongly advised to upgrade.
The impact of this XSS vulnerability is significant. An attacker with a low-privileged account, such as a trainer, can inject malicious JavaScript into the course description field. When other users, including administrators, view the course information page, the injected script executes in their browser context. This allows the attacker to steal sensitive session cookies or tokens, effectively enabling account takeover (ATO) of higher-privileged accounts. The attacker could then gain unauthorized access to sensitive data, modify course content, or perform other actions as the compromised administrator.
CVE-2025-59543 was publicly disclosed on 2026-03-06. No public proof-of-concept (POC) code has been released at the time of writing. The CVSS score of 9.1 (CRITICAL) indicates a high probability of exploitation if the vulnerability is exposed. It is not currently listed on the CISA KEV catalog.
Organizations using Chamilo LMS, particularly those with trainer roles that have the ability to modify course descriptions, are at risk. Shared hosting environments where multiple users have access to the same Chamilo instance are also particularly vulnerable, as a compromised trainer account could impact all users on the server.
• php: Examine Chamilo LMS logs for unusual JavaScript execution patterns or suspicious activity related to course description modifications.
grep -i 'javascript:' /var/log/chamilo/error.log
• generic web: Check course description fields for injected JavaScript code using curl or wget (case-insensitive match so `<SCRIPT>` and `<script src=...>` are also caught).
curl -s 'https://your-chamilo-instance.com/course/view.php?id=123' | grep -i '<script'
• generic web: Review access logs for requests containing suspicious URL parameters or POST data related to course creation or modification.
Disclosure
Exploit status
EPSS
0.04% (13th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-59543 is to upgrade Chamilo LMS to version 1.11.34 or later. If upgrading is not immediately feasible, consider implementing input validation and sanitization on all user-supplied data, particularly within the course description field. Web application firewalls (WAFs) configured to detect and block XSS payloads can provide an additional layer of defense. Regularly review and audit course content for suspicious scripts.
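The detection bullets above and the interim "input validation and sanitization" advice both come down to the same question: does a stored course description contain markup that can execute script, and what does a safe rendering of it look like? The following is an added example, not Chamilo project code. It walks a description with Python's `html.parser` in one pass, records the XSS indicators named on this page (script elements, `on*` event-handler attributes, `javascript:` URIs, including entity-encoded and whitespace-split variants) and rebuilds an allowlisted copy. The allowlist of tags and attributes is an assumption about what a course description legitimately needs; the sample descriptions are constructed.

```python
"""Flag XSS indicators in stored course descriptions and emit a sanitised copy.

Added example (not Chamilo code). ALLOWED_TAGS/ALLOWED_ATTRS are an assumed
allowlist for course-description formatting; the samples in __main__ are
constructed, not taken from a real instance.
"""
import html
import re
from html.parser import HTMLParser

# Elements that can execute or load script and have no place in a description.
DANGEROUS_TAGS = {"script", "iframe", "object", "embed", "applet", "base", "meta", "link"}
# Formatting a course author plausibly needs (assumption).
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li", "a", "h3", "h4"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
# Only absolute links with these schemes survive; relative links are dropped (assumption).
SAFE_SCHEMES = ("http://", "https://", "mailto:")
URL_ATTRS = ("href", "src", "action", "formaction")


def _is_script_uri(value):
    # Browsers ignore whitespace/control characters inside the scheme, so
    # "java\tscript:" still executes; strip them before comparing.
    compact = re.sub(r"[\s\x00-\x1f]", "", value).lower()
    return compact.startswith(("javascript:", "vbscript:", "data:"))


class DescriptionFilter(HTMLParser):
    """Single pass over one description: collect findings, rebuild clean HTML."""

    def __init__(self):
        # convert_charrefs=True also decodes entities inside attribute values,
        # so "&#106;avascript:" is seen as "javascript:".
        super().__init__(convert_charrefs=True)
        self.findings = []
        self.clean = []
        self._skip_depth = 0  # > 0 while inside a dropped dangerous element

    def handle_starttag(self, tag, attrs):
        if tag in DANGEROUS_TAGS:
            self.findings.append(f"<{tag}> element")
            self._skip_depth += 1  # drop the element and everything inside it
            return
        if self._skip_depth:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.findings.append(f"{name}= handler on <{tag}>")
            elif name in URL_ATTRS and _is_script_uri(value):
                self.findings.append(f"script URI in {name} on <{tag}>")
            elif name in ALLOWED_ATTRS.get(tag, set()) and (
                name != "href" or value.lower().startswith(SAFE_SCHEMES)
            ):
                kept.append(f' {name}="{html.escape(value, quote=True)}"')
        if tag in ALLOWED_TAGS:
            self.clean.append(f"<{tag}{''.join(kept)}>")
        # Harmless tags outside the allowlist (span, div, img...) are dropped;
        # their text content is still kept by handle_data.

    def handle_startendtag(self, tag, attrs):
        if tag in DANGEROUS_TAGS:  # <script/> has no end tag: report, do not skip
            self.findings.append(f"<{tag}> element")
            return
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DANGEROUS_TAGS:
            self._skip_depth = max(0, self._skip_depth - 1)
        elif not self._skip_depth and tag in ALLOWED_TAGS and tag != "br":
            self.clean.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip_depth:
            # Text (entities already decoded) is re-escaped, so a literal "<"
            # in a description never reaches the browser as markup.
            self.clean.append(html.escape(data, quote=False))


def check_description(raw_html):
    """Return (findings, sanitised_html) for one stored description."""
    f = DescriptionFilter()
    f.feed(raw_html)
    f.close()
    return f.findings, "".join(f.clean)


if __name__ == "__main__":
    # Constructed samples standing in for rows read from the course table.
    samples = {
        "benign": '<p>Intro to <b>algebra</b>. See <a href="https://example.org/syllabus">syllabus</a>.</p>',
        "event handler": '<p>Welcome</p><img src=x onerror="alert(1)">',
        "encoded javascript: URI": '<a href="&#106;avascript:alert(1)">click</a>',
        "mixed-case script tag": '<ScRiPt>alert(1)</ScRiPt><p>ok</p>',
    }
    for name, raw in samples.items():
        findings, clean = check_description(raw)
        print(f"[{'FLAG' if findings else 'ok  '}] {name}: {findings}")
        print(f"       sanitised: {clean}")
```

Run it against every row of the course-description table to triage existing content (any non-empty `findings` list is a row to review), and use the sanitised output only as a stop-gap until the upgrade: an allowlist applied on output is what prevents the stored script from executing in an administrator's browser, whereas a WAF in front of the form only sees the payload on the way in.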
Update Chamilo LMS to version 1.11.34 or later. This version fixes the stored XSS vulnerability in the course description and thereby prevents a possible account takeover.
CVE-2025-59543 is a critical stored cross-site scripting (XSS) vulnerability in Chamilo LMS versions prior to 1.11.34, allowing attackers to inject malicious JavaScript.
You are affected if you are using Chamilo LMS version 1.11.34 or earlier. Upgrade to 1.11.34 to resolve the vulnerability.
Upgrade Chamilo LMS to version 1.11.34. Consider input validation and WAF rules as temporary mitigations.
There is no current evidence of active exploitation, but the vulnerability's criticality warrants immediate action.
Refer to the official Chamilo security advisory for detailed information and updates: [https://www.chamilo.org/en/security-advisories](https://www.chamilo.org/en/security-advisories)