SacX-7

3 exploits Active since Jun 2025
CVE-2025-46178 NOMISEC MEDIUM WRITEUP
Vishalmathur Cloudclassroom-php Project - XSS
A Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim's browser session by sending a crafted URL, leading to session hijacking or defacement.
CVSS 6.1
CVE-2025-50866 NOMISEC MEDIUM WRITEUP
CloudClassroom-PHP-Project 1.0 - XSS
CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user's browser, potentially leading to session hijacking or phishing attacks.
CVSS 6.1
CVE-2025-50867 NOMISEC MEDIUM WRITEUP
CloudClassroom-PHP-Project 1.0 - SQL Injection
A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.
CVSS 6.5