CVE-2025-59542 in LMS: Info

Summary

By MITRE • 2026-03-06

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account (e.g., trainer) can execute arbitrary JavaScript code in the context of any other user viewing the course information page, including administrators. This allows an attacker to exfiltrate sensitive session cookies or tokens, resulting in account takeover (ATO) of higher-privileged users. This issue has been patched in version 1.11.34.


Responsible

GitHub M

Reserved

2025-09-17

Moderation

Accepted

Entry

VDB-349353

EPSS

0.00021

Sources
