CVE-2025-60782

MEDIUM

PHP Education Manager 1.0 - Stored Cross-Site Scripting in Topics Management Module

Title source: llm
STIX 2.1

Description

PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation or updates.

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 11.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
iqbolshoh/php_education_management 1.0
Published Oct 02, 2025
Tracked Since Feb 18, 2026