CVE-2025-51411

Name of the Vulnerable Software and Affected Versions Institute-of-Current-Students version 1.0

Description A reflected cross-site scripting (XSS) issue exists due to improper sanitization of user input. Specifically, the application fails to sanitize the email parameter before reflecting it in the HTML response. This allows attackers to inject and execute arbitrary JavaScript code in the context of a victim’s browser. Successful exploitation may lead to session hijacking or credential theft. The vulnerable endpoint is /postquerypublic.

Recommendations Institute-of-Current-Students version 1.0: Sanitize user input for the email parameter in the /postquerypublic endpoint to prevent the injection of malicious scripts.