Vulnerabilidades en chamilo
83 resultadosCVE-2026-33737MEDIUMChamilo LMS has an XML External Entity (XXE) InjectionEPSS 0.2%CVE-2026-34161MEDIUMChamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript ExecutionEPSS 0.2%CVE-2025-52470MEDIUMChamilo: Stored Cross-Site Scripting (XSS) via Session Category NameEPSS 0.2%CVE-2026-33736MEDIUMChamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data ExposureEPSS 0.2%CVE-2026-33708MEDIUMChamilo LMS has REST API PII Exposure via get_user_info_from_usernameEPSS 0.2%CVE-2026-33715HIGHChamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer actionEPSS 0.2%CVE-2026-30876MEDIUMChamilo LMS: User enumeration vulnerability via responseEPSS 0.2%CVE-2026-34602HIGHChamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into CoursesEPSS 0.2%CVE-2026-30882MEDIUMChamilo LMS: Reflected XSS in the session category listing pageEPSS 0.2%CVE-2026-32930HIGHChamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership CheckEPSS 0.2%CVE-2025-52564MEDIUMChamilo: HTML injection via open parameterEPSS 0.2%CVE-2025-52476MEDIUMChamilo: Reflected XSS via keyword_active parameterEPSS 0.2%CVE-2025-52475MEDIUMChamilo: Reflected XSS via keyword_inactive parameterEPSS 0.2%CVE-2026-32932MEDIUMChamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course EditEPSS 0.2%CVE-2025-59540MEDIUMChamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise FeedbackEPSS 0.2%CVE-2026-33703HIGHChamilo LMS Critical IDOR: Any Authenticated User Can Extract All Users’ Personal Data and API TokensEPSS 0.2%CVE-2026-33706HIGHChamilo LMS has a REST API Self-Privilege Escalation (Student → Teacher)EPSS 0.2%CVE-2025-59544MEDIUMChamilo: Unauthorized access to update category of any userEPSS 0.2%CVE-2025-66447NONEChamilo LMS has validation-less redirect on login pageEPSS 0.2%CVE-2025-52563MEDIUMChamilo: Reflected XSS via page parameterEPSS 0.2%