CVE-2025-56605

MEDIUM

PuneethReddyHC Event Management System 1.0 - Reflected Cross-Site Scripting via Mobile Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-56605. PoCs published by Userr404.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-56605, a reflected XSS vulnerability in the Event Management System 1.0. It describes the vulnerability in the `mobile` POST parameter in `register.php`, includes steps to reproduce, and suggests mitigation techniques.

Description

A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute arbitrary JavaScript code in the victim's browser.

Exploits (1)

nomisec WRITEUP
by Userr404 · poc
https://github.com/Userr404/CVE-2025-56605

This repository provides a detailed technical analysis of CVE-2025-56605, a reflected XSS vulnerability in the Event Management System 1.0. It describes the vulnerability in the `mobile` POST parameter in `register.php`, includes steps to reproduce, and suggests mitigation techniques.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Event Management System 1.0
No auth needed
Prerequisites: Local clone of the vulnerable project · Ability to send crafted POST requests
devstral-2 · analyzed May 04, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 5.4
EPSS 0.0019
EPSS Percentile 8.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Feb 26, 2026
Tracked Since Feb 26, 2026