Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-50866

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.

Published

2025-07-31T17:15:30.200

Last Modified

2025-08-06T16:51:07.707

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vishalmathur	cloudclassroom	1.0	Yes

References

https://github.com/SacX-7/CVE-2025-50866 Third Party Advisory ([email protected])