CVE-2025-50866

Medium CVSS: 6.1

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.

Vendor

Vishalmathur

Product

Cloudclassroom

CWE

CWE-79

Yayın Tarihi

2025-07-31 17:15:30

Güncelleme

2025-08-06 16:51:07

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Cloudclassroom MEDIUM Vishalmathur 2025

Referanslar

https://github.com/SacX-7/CVE-2025-50866

Benzer Kayıtlar

Medium

CVE-2026-2058

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This im…

Critical

CVE-2025-52410

Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php e…

Critical

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts…

Medium

CVE-2025-50867

A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where th…

Medium

CVE-2025-44608

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.

Medium

CVE-2025-51411

A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email paramete…