CVE-2025-28121
MEDIUM
Online Exam Mastering System 1.0 - Cross-Site Scripting via Feedback q Parameter
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2025-28121. PoCs published by Pruthu Raut, pruthuraut.
AI-analyzed exploit summary: This is a working proof-of-concept for a reflected XSS vulnerability in code-projects Online Exam Mastering System 1.0, where the 'q' parameter in feedback.php is not properly sanitized, allowing arbitrary JavaScript execution.
Description
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code.
Exploits (2)
This is a working proof-of-concept for a reflected XSS vulnerability in code-projects Online Exam Mastering System 1.0, where the 'q' parameter in feedback.php is not properly sanitized, allowing arbitrary JavaScript execution.
This repository contains a detailed writeup and proof-of-concept for CVE-2025-28121, a reflected XSS vulnerability in Online Exam Mastering System 1.0 via the `q` parameter in `feedback.php`. The PoC demonstrates how malicious JavaScript can be injected and executed in the victim's browser.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N