CVE-2025-41070

Name of the Vulnerable Software and Affected Versions Sanoma Clickedu (affected versions not specified)

Description A Reflected Cross-site Scripting (XSS) issue exists in Sanoma's Clickedu. This allows an attacker to execute JavaScript code in a victim's browser by sending a malicious URL. The vulnerable endpoint is '/students/carpetes varies.php'. Successful exploitation could lead to the theft of sensitive user data, such as session cookies, or the performance of actions on behalf of the user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.