PT-2025-37398 · Selleo · Selleo Mentingo

Khanmarshal

Published

2025-09-14

Updated

2025-09-14

CVE-2025-10388

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Selleo Mentingo version 2025.08.27

Description A cross-site scripting issue exists due to manipulation of the Description argument in the processing of the /api/course/enroll-course endpoint within the Create New Course Basic Settings component. The attack can be launched remotely.

Recommendations As a temporary workaround, consider restricting access to the /api/course/enroll-course endpoint until a fix is available. Sanitize the Description argument to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2025-10388

Affected Products

Selleo Mentingo

PT-2025-37398 · Selleo · Selleo Mentingo

CVE-2025-10388

Weakness Enumeration

Related Identifiers

Affected Products

References · 9