CVE-2025-29427Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Online Class AND Exam Scheduling System

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 73.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fabian Online Class AND Exam Scheduling System
Timeline
PublishedMar 17

Description

Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in profile.php via the member_first and member_last parameters.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:LExploitability: 1.2 | Impact: 4.7

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2025-29427: Code-projects Online Class and Exam Scheduling System V12025-03-17
GHSA
GHSA-r398-vw7q-9j92: Code-projects Online Class and Exam Scheduling System V12025-03-17
CVE-2025-29427 — MEDIUM severity | cvebase