CVE-2025-56605

MEDIUM

Event Management System 1.0 - XSS

Title source: llm

Description

A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute arbitrary JavaScript code in the victim's browser.

Exploits (1)

nomisec WRITEUP

by Userr404 · poc

https://github.com/Userr404/CVE-2025-56605

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/Userr404/CVE-2025-56605

View Exploit ZIP pw:eip

Scores

CVSS v3 5.4

EPSS 0.0002

EPSS Percentile 4.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published Feb 26, 2026

Tracked Since Feb 26, 2026