CVE-2025-28121

MEDIUM

Code-projects Online Exam Mastering System - XSS

Title source: rule

Description

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code.

Exploits (2)

nomisec WRITEUP

by pruthuraut · poc

https://github.com/pruthuraut/CVE-2025-28121

View Code ZIP pw:eip

exploitdb WORKING POC

by Pruthu Raut · textremotephp

https://www.exploit-db.com/exploits/52272

View Code ZIP pw:eip

References (2)

[Product] https://code-projects.org/online-exam-mastering-system-php/

[Exploit, Third Party Advisory] https://github.com/pruthuraut/CVE-2025-28121

Scores

CVSS v3 6.1

EPSS 0.0069

EPSS Percentile 71.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

code-projects/online_exam_mastering_system

Timeline

Published Apr 21, 2025

Tracked Since Feb 18, 2026