CVE-2025-56762

MEDIUM

Paracrawl KeOPs v2 - Cross-Site Scripting in error.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-56762. PoCs published by Shaunak-Chatterjee.

AI-analyzed exploit summary This PoC demonstrates a reflected XSS vulnerability in the 'error.php' endpoint where the 'code' parameter is not sanitized, allowing arbitrary JavaScript execution. The exploit is trivial and relies on user interaction to trigger the payload.

Description

Paracrawl KeOPs v2 is vulnerable to Cross Site Scripting (XSS) in error.php.

Exploits (1)

nomisec WORKING POC

by Shaunak-Chatterjee · poc

https://github.com/Shaunak-Chatterjee/CVE-2025-56762

View Code ZIP pw:eip

This PoC demonstrates a reflected XSS vulnerability in the 'error.php' endpoint where the 'code' parameter is not sanitized, allowing arbitrary JavaScript execution. The exploit is trivial and relies on user interaction to trigger the payload.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Unspecified web application (error.php endpoint)

No auth needed

Prerequisites: User interaction required to visit the crafted URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/Shaunak-Chatterjee/CVE-2025-56762

Product

https://github.com/paracrawl/keops

Scores

CVSS v3 6.1

EPSS 0.0026

EPSS Percentile 16.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

paracrawl/keops 2

Published Sep 19, 2025

Tracked Since Feb 18, 2026