CVE-2025-15134

Name of the Vulnerable Software and Affected Versions yourmaileyes MOOC versions up to 1.17

Description A security flaw exists in yourmaileyes MOOC. This issue affects the subreview function within the mooc/controller/MainController.java file of the Submission Handler component. Manipulation of the review argument can lead to cross-site scripting. The attack can be initiated remotely. The exploit has been publicly released and may be exploited.

Recommendations Versions prior to 1.17 should be updated. As a temporary workaround, consider restricting or disabling the subreview function until a patch is available.