exploitDog

GHSA-qfp6-39x3-xvfc

Опубликовано: 09 июн. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.

Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.

Ссылки

EPSS

Процентиль: 8%

0.00031

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-46178

CVSS3: 6.1

nvd

8 месяцев назад

Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.

EPSS

Процентиль: 8%

0.00031

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79