CVE-2025-50869 | THREATINT

Description

A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code.

PUBLISHED Reserved 2025-06-16 | Published 2025-08-01 | Updated 2025-08-01 | Assigner mitre

References

portswigger.net/web-security/cross-site-scripting/stored

gist.github.com/b0mk35h/1fabbff8c95c6b7180c4ef404a337b8b

cve.org (CVE-2025-50869)

nvd.nist.gov (CVE-2025-50869)

Download JSON