CVE-2025-46178

EIP tracks 1 public exploit for CVE-2025-46178. PoCs published by SacX-7.

AI-analyzed exploit summary This repository describes a reflected XSS vulnerability in the CloudClassroom PHP Project via the 'eid' parameter in askquery.php. The payload demonstrates arbitrary JavaScript execution, and the writeup includes mitigation recommendations.

Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.