PT-2025-17736 · Unknown · Online Class/Exam Scheduling System
Secloverwang
·
Published
2025-04-24
·
Updated
2025-05-14
·
CVE-2025-29568
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Online Class and Exam Scheduling System version 1.0
Description
A vulnerability has been discovered in the code, affecting some unknown features in the file /Scheduling/pages/class sched.php. Manipulating the
class parameter can lead to cross-site scripting (XSS).Recommendations
For Online Class and Exam Scheduling System version 1.0, consider restricting access to the /Scheduling/pages/class sched.php file until a patch is available. As a temporary workaround, avoid using the
class parameter in the affected endpoint to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Online Class/Exam Scheduling System