CVE-2025-56605

Name of the Vulnerable Software and Affected Versions PuneethReddyHC Event Management System version 1.0

Description A reflected Cross-Site Scripting (XSS) issue exists in the register.php script. The mobile parameter is not properly validated, and its value is echoed in the HTTP response without sanitization. This allows an attacker to inject and execute arbitrary JavaScript code in a victim’s browser. The vulnerable parameter is mobile.

Recommendations Ensure proper validation and sanitization of the mobile parameter in the register.php script to prevent the injection of malicious JavaScript code.