CVE-2026-30882 in LMS정보

요약

\~에 의해 MITRE • 2026. 03. 16.

Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page. The keyword parameter from $_REQUEST is echoed directly into an HTML href attribute without any encoding or sanitization. An attacker can inject arbitrary HTML/JavaScript by breaking out of the attribute context using ">followed by a malicious payload. The vulnerability is triggered when the pagination controls are rendered — which occurs when the number of session categories exceeds 20 (the page limit). This issue has been patched in version 1.11.36.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

GitHub M

예약하다

2026. 03. 06.

모더레이션

수락

항목

VDB-351328

EPSS

0.00013

KEV

아니요

활동

매우 낮음

부문

Lawfirm, Hostingprovider, ...

출처

MITREhttps://www.cve.org/CVERecord?id=CVE-2026-30882
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2026-30882
CVE Detailshttps://www.cvedetails.com/cve/CVE-2026-30882/

이전개요다음

Want to stay up to date on a daily basis?

Enable the mail alert feature now!