CVE-2025-3149

Name of the Vulnerable Software and Affected Versions itning Student Homework Management System versions 1.2.7 and earlier

Description A problem was found in the itning Student Homework Management System. It affects an unknown function of the file /shw war/fileupload in the Edit Job Page component. The issue is caused by the manipulation of the Course argument, leading to cross-site scripting. This can be exploited remotely. The exploit has been made public and may be used. This issue only affects products that are no longer supported by the maintainer.

Recommendations For itning Student Homework Management System versions 1.2.7 and earlier, as a temporary workaround, consider restricting access to the /shw war/fileupload file and the Edit Job Page component to minimize the risk of exploitation. Avoid using the Course argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.