CVE-2026-30882

{"id": "CVE-2026-30882", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2026-03-16T20:16:18.790", "references": [{"url": "https://github.com/chamilo/chamilo-lms/releases/tag/v1.11.36", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/chamilo/chamilo-lms/security/advisories/GHSA-qg5f-gq95-9vhq", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Chamilo LMS is a learning management system. Chamilo LMS version 1.11.34 and prior contains a Reflected Cross-Site Scripting (XSS) vulnerability in the session category listing page. The keyword parameter from $_REQUEST is echoed directly into an HTML href attribute without any encoding or sanitization. An attacker can inject arbitrary HTML/JavaScript by breaking out of the attribute context using \">followed by a malicious payload. The vulnerability is triggered when the pagination controls are rendered \u2014 which occurs when the number of session categories exceeds 20 (the page limit). This issue has been patched in version 1.11.36."}, {"lang": "es", "value": "Chamilo LMS es un sistema de gesti\u00f3n del aprendizaje. Chamilo LMS versi\u00f3n 1.11.34 y anteriores contiene una vulnerabilidad de cross-site scripting (XSS) reflejado en la p\u00e1gina de listado de categor\u00edas de sesi\u00f3n. El par\u00e1metro keyword de $_REQUEST se reproduce directamente en un atributo HTML href sin ninguna codificaci\u00f3n o sanitizaci\u00f3n. Un atacante puede inyectar HTML/JavaScript arbitrario saliendo del contexto del atributo usando \">seguido de una carga \u00fatil maliciosa. La vulnerabilidad se activa cuando se renderizan los controles de paginaci\u00f3n \u2014 lo que ocurre cuando el n\u00famero de categor\u00edas de sesi\u00f3n excede de 20 (el l\u00edmite de la p\u00e1gina). Este problema ha sido parcheado en la versi\u00f3n 1.11.36."}], "lastModified": "2026-03-17T18:52:21.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87C4F8D8-CDE4-42B6-8661-0F7823DC1079", "versionEndExcluding": "1.11.36"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}