CVE-2026-34161 | Chamilo LMS up to 2.0.0-RC.2 social_post_attachments cross site scripting (GHSA-273p-jw9w-3g22)

Inserito da Angelo Barbosa | Apr 14, 2026 | CVE

A vulnerability classified as problematic was found in Chamilo LMS up to 2.0.0-RC.2. This vulnerability affects unknown code of the file /api/social_post_attachments. Such manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-34161. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-34161 | Chamilo LMS up to 2.0.0-RC.2 social_post_attachments cross site scripting (GHSA-273p-jw9w-3g22)

Post correlati

CVE-2025-1405 | implecode Product Catalog Simple Plugin up to 1.7.11 on WordPress Shortcode show_products cross site scripting

CVE-2024-0731 | PCMan FTP Server 2.0.7 PUT Command denial of service

CVE-2024-1619 | Kaspersky Security for Linux Mail Server up to 8.0.3.30 injection

CVE-2023-0582 | Forgerock Access Management up to 7.0.2/7.1.3/7.2.0 path traversal