CVE-2025-26153

Published: 2025-04-16T21:15:46.770

Last Modified: 2025-04-16T21:15:46.770

Source: MITRE CVE List

License: MITRE-CVE-TOS

A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt