CVE-2025-1082 | Mindskip xzs-mysql 学之思开源考试系统 3.9.0 Exam Edit /api/admin/question/edit title/content cross site scripting

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting.

This vulnerability is traded as CVE-2025-1082. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1082 | Mindskip xzs-mysql 学之思开源考试系统 3.9.0 Exam Edit /api/admin/question/edit title/content cross site scripting

Post correlati

CVE-2024-36026 | Linux Kernel up to 6.1.86/6.6.27/6.8.6 MP1_UNLOAD denial of service

CVE-2023-51518 | Apache James Server up to 3.7.4/3.8.0 JMX Deserialization improper authentication

CVE-2024-33818 | Globitel KSA SpeechLog 8.1 userID resource injection

CVE-2024-34221 | SourceCodester Human Resource Management System 1.0 permission