CVE-2025-1082

Name of the Vulnerable Software and Affected Versions Mindskip xzs-mysql 学之思开源考试系统 version 3.9.0

Description A problematic issue has been found in the Exam Edit Handler component. The manipulation of the title and content arguments in the "/api/admin/question/edit" API endpoint leads to cross-site scripting. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond.

Recommendations For Mindskip xzs-mysql 学之思开源考试系统 version 3.9.0, consider disabling the Exam Edit Handler component or restricting access to the "/api/admin/question/edit" API endpoint until a fix is available. Avoid using the title and content arguments in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.