CVE-2025-56243

Medium CVSS: 6.1

A Cross-Site Scripting (XSS) vulnerability was found in the register.php page of PuneethReddyHC Event Management System 1.0, where the event_id GET parameter is improperly handled. An attacker can craft a malicious URL to execute arbitrary JavaScript in the victim s browser by injecting code into this parameter.

Vendor

Puneethreddyhc

Product

Event Management System

CWE

CWE-79

Yayın Tarihi

2025-10-07 17:15:33

Güncelleme

2025-10-15 18:35:26

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Event Management System MEDIUM Puneethreddyhc 2025

Referanslar

https://gist.github.com/hafizgemilang/a75cbf48883881e0b27d33c67906d9d6

Benzer Kayıtlar

Critical

CVE-2025-65354

Improper input handling in /Grocery/search_products_itname.php inPuneethReddyHC event-management 1.0 permits SQL injecti…

High

CVE-2024-58316

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows…

High

CVE-2025-51970

A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 du…