CVE-2026-34161

MEDIUM · EPSS 12.3%
CVSS 4.0 base score 5.1 (Medium)
Published Apr 14, 2026 · Modified Jun 17, 2026

Description

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the /api/social_post_attachments endpoint. The uploaded file is served back from the application at the generated contentUrl without sanitization, content type restrictions, or a Content-Disposition: attachment header, causing the JavaScript to execute in the browser within the application's origin. Because the payload is stored server-side and runs in the trusted origin, an attacker can perform session hijacking, account takeover, privilege escalation (if an admin views the link), and arbitrary actions on behalf of the victim. This issue has been fixed in version 2.0.0-RC.3.
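The description above comes down to two missing controls on the file-serving side: the uploaded file is returned with whatever content type it carries and without a Content-Disposition: attachment header, so the browser renders it inline in the application's origin. As an added example (not Chamilo's code and not the referenced fix), the Python below does two defender-side things: audit_upload_response() reviews the response headers observed when fetching an upload's contentUrl and lists what a reviewer would flag, and safe_download_headers() builds the header set a hardened download endpoint should emit. The header samples are constructed for the example; the endpoint name is the one in the description and nothing else assumes Chamilo internals.

```python
"""Added example, not Chamilo code: audit and harden the HTTP headers used to
serve user-uploaded attachments (the control missing in CVE-2026-34161)."""
from __future__ import annotations

import posixpath
import re

# Content types a browser will execute as active content when rendered inline.
ACTIVE_CONTENT_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml", "text/javascript", "application/javascript",
}

# Inert types a download endpoint may echo back; everything else is served as
# an opaque binary so the browser never treats an upload as markup or script.
ALLOWED_DOWNLOAD_TYPES = {
    "image/png", "image/jpeg", "image/gif", "text/plain",
    "application/pdf", "application/zip",
}


def _media_type(content_type: str) -> str:
    """'text/html; charset=UTF-8' -> 'text/html'."""
    return content_type.split(";", 1)[0].strip().lower()


def audit_upload_response(headers: dict[str, str]) -> list[str]:
    """Return review findings for a response that serves a user upload.

    An empty list means the file cannot be rendered inline in the app origin.
    Header names are matched case-insensitively, as HTTP requires.
    """
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ctype = _media_type(h.get("content-type", ""))
    disposition = h.get("content-disposition", "").lower()
    is_attachment = disposition.startswith("attachment")
    findings: list[str] = []

    if not is_attachment:
        findings.append("missing 'Content-Disposition: attachment': the browser may render the upload inline")
    if ctype in ACTIVE_CONTENT_TYPES and not is_attachment:
        findings.append(f"active content type {ctype!r} served inline from the application origin")
    if not ctype:
        findings.append("no Content-Type: the browser will sniff the body and may treat it as HTML")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing 'X-Content-Type-Options: nosniff'")
    if "content-security-policy" not in h:
        findings.append("no Content-Security-Policy on the file response (a 'sandbox' policy would isolate it)")
    return findings


def safe_download_headers(filename: str, declared_type: str | None) -> dict[str, str]:
    """Headers for serving a user upload strictly as a download."""
    # Keep only a basename with a conservative character set, so the filename
    # parameter can neither inject header syntax nor carry path components.
    base = posixpath.basename(filename.replace("\\", "/"))
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", base) or "download"

    ctype = _media_type(declared_type or "")
    if ctype not in ALLOWED_DOWNLOAD_TYPES:
        ctype = "application/octet-stream"   # never echo text/html, svg, xml, js

    return {
        "Content-Type": ctype,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        # Even if a client ignores the disposition, the sandbox gives the
        # document an opaque origin with no script execution.
        "Content-Security-Policy": "sandbox; default-src 'none'",
        "Cache-Control": "private, no-store",
    }


# Constructed sample: the shape of response the description attributes to the
# vulnerable endpoint (GET <contentUrl> for an uploaded .html file). Not a
# capture from any real system.
VULNERABLE_RESPONSE = {
    "Content-Type": "text/html; charset=UTF-8",
    "Content-Length": "312",
}


if __name__ == "__main__":
    for f in audit_upload_response(VULNERABLE_RESPONSE):
        print("FINDING:", f)
    hardened = safe_download_headers("../../notes<script>.html", "text/html")
    print("hardened headers:", hardened)
    print("findings on hardened:", audit_upload_response(hardened))
```

Run against a live contentUrl, the audit function would take the headers from a normal HTTP client response; the constructed VULNERABLE_RESPONSE yields four findings, while the header set from safe_download_headers() yields none, and an .html upload is forced to application/octet-stream regardless of the type the uploader declared.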

CVSS Details

Base Score
5.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Passive (P)
Scope X

Threat Intelligence

EPSS Exploit Probability 12.3%
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 11

Vendor    Product       Version   Range
chamilo   chamilo_lms   *         ≤ 1.11.38
chamilo   chamilo_lms   2.0.0     any   (10 identical entries in the source)

References 4

  • github.com https://github.com/chamilo/chamilo-lms/commit/7c4965e48769d1d06413836429e386816a465c7f
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/commit/da671d66a146887be3a16eabc5dcf0a92c55f7da
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/releases/tag/v2.0.0-RC.3
    Product, Release Notes
  • github.com https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-273p-jw9w-3g22
    Vendor Advisory

Remediation

  • github.com https://github.com/chamilo/chamilo-lms/commit/7c4965e48769d1d06413836429e386816a465c7f
    Patch
  • github.com https://github.com/chamilo/chamilo-lms/commit/da671d66a146887be3a16eabc5dcf0a92c55f7da
    Patch