Vulnerabilities

CVE-2025-50186 - Chamilo: Stored XSS via Malicious CSV Filename in user_import.php

2026-03-02 0 views admin

CVE ID : CVE-2025-50186 Published : March 2, 2026, 2:36 p.m. | 41 minutes ago Description : Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file (e.g., .csv) that leads to JavaScript execution when viewed by administrators or users with access to import logs or file views. This issue has been patched in version 1.11.30. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-50186

Published

March 2, 2026

Impact: XSS

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-50186

CVE-2025-50186 - Chamilo: Stored XSS via Malicious CSV Filename in user_import.php

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-0020 - Android ParsedPermissionUtils parsePermissionGroup Permissions Bypass

CVE-2026-0021 - Google Android Confused Deputy Permission Bypass

CVE-2026-0023 - Google PackageInstaller Service Local Privilege Escalation

CVE-2026-0024 - Android MediaProvider Missing Permission Check Information Disclosure

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting