CVE-2024-27524 is a Cross Site Scripting (XSS) vulnerability identified in Chamilo LMS version 1.11.26, specifically within the new_ticket.php component. The vulnerability arises from improper sanitization or validation of the filename parameter, allowing an attacker to inject malicious scripts. When a victim interacts with the crafted input, the script executes in their browser context, enabling privilege escalation within the LMS environment. The CVSS 3.1 base score of 7.1 reflects a network attack vector (AV:N), high attack complexity (AC:H), requiring low privileges (PR:L) and user interaction (UI:R). The impact metrics indicate high confidentiality, integrity, and availability impacts (C:H/I:H/A:H), meaning an attacker could steal sensitive data, modify content, or disrupt LMS services. Although no exploits are currently known in the wild and no official patches have been released, the vulnerability poses a significant risk due to the critical role of LMS platforms in education and training. The CWE-79 classification confirms this is a classic XSS issue, emphasizing the need for input validation and output encoding. The vulnerability was reserved in February 2024 and published in November 2024, suggesting recent discovery and disclosure.

The vulnerability allows attackers to execute arbitrary scripts in the context of authenticated users, potentially leading to session hijacking, credential theft, unauthorized data access, and manipulation of LMS content. This can disrupt educational operations, compromise student and staff data privacy, and damage institutional reputation. Given the high confidentiality, integrity, and availability impacts, attackers could also deface portals, inject malware, or cause denial of service. The requirement for user interaction and low privileges means social engineering or phishing could facilitate exploitation. Organizations relying on Chamilo LMS for critical training or educational delivery face operational risks, regulatory compliance issues, and potential financial losses if exploited.

Organizations should immediately audit their Chamilo LMS deployments to identify affected versions, specifically 1.11.26. Until an official patch is released, implement strict input validation and output encoding on the filename parameter in new_ticket.php to neutralize malicious scripts. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious payloads targeting this parameter. Educate users to recognize phishing attempts that could trigger exploitation. Restrict LMS access to trusted networks or VPNs to reduce exposure. Monitor logs for unusual activity related to ticket creation or filename inputs. Plan for rapid patch deployment once an official fix becomes available. Additionally, consider sandboxing or isolating the LMS environment to limit potential damage from successful attacks.