PT-2025-41138 · Puneethreddyhc · Event Management System
Hafiz Pradana Gemilang
·
Published
2025-10-07
·
Updated
2025-10-07
·
CVE-2025-56243
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PuneethReddyHC Event Management System version 1.0
Description
A Cross-Site Scripting (XSS) issue exists in the register.php page. The
event id GET parameter is improperly handled, allowing an attacker to inject code into this parameter and execute arbitrary JavaScript in a victim’s browser by crafting a malicious URL.Recommendations
Apply appropriate input validation and output encoding to the
event id GET parameter in the register.php page.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Event Management System