saurabh

3 exploits Active since Jun 2025
CVE-2025-46178 NOMISEC MEDIUM WRITEUP
Vishalmathur Cloudclassroom-php Project - XSS
Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.
CVSS 6.1
CVE-2025-50866 NOMISEC MEDIUM WRITEUP
CloudClassroom-PHP-Project 1.0 - XSS
CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.
CVSS 6.1
CVE-2025-46178 WRITEUP MEDIUM WRITEUP
Vishalmathur Cloudclassroom-php Project - XSS
Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.
CVSS 6.1