CVE-2025-28121

MEDIUM

Code-projects Online Exam Mastering System - XSS

Title source: rule

Description

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code.

Exploits (2)

exploitdb WORKING POC
by Pruthu Raut · textremotephp
https://www.exploit-db.com/exploits/52272
nomisec WRITEUP
by pruthuraut · poc
https://github.com/pruthuraut/CVE-2025-28121

References (2)

Scores

CVSS v3 6.1
EPSS 0.0069
EPSS Percentile 72.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
code-projects/online_exam_mastering_system 1.0
Published Apr 21, 2025
Tracked Since Feb 18, 2026