CVE-2025-46178

Description

Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.

PUBLISHED Reserved 2025-04-22 | Published 2025-06-09 | Updated 2025-06-10 | Assigner mitre

References

github.com/... Scripting (XSS) in CloudClassroom PHP Project exploit

github.com/... Scripting (XSS) in CloudClassroom PHP Project

cve.org (CVE-2025-46178)

nvd.nist.gov (CVE-2025-46178)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.