XSS in Chamilo Chamilo-lms
CVE-2026-34161
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (1.8th percentile) — read the EPSS interpretation.
Affected products
- Chamilo Chamilo-lms — versions < 2.0.0-RC.3
Weakness classification (CWE)
References
- https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-273p-jw9w-3g22 (x_refsource_CONFIRM)
- https://github.com/chamilo/chamilo-lms/commit/7c4965e48769d1d06413836429e386816a465c7f (x_refsource_MISC)
- https://github.com/chamilo/chamilo-lms/commit/da671d66a146887be3a16eabc5dcf0a92c55f7da (x_refsource_MISC)
- https://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3 (x_refsource_MISC)