CVE-2025-50866

Medium CVSS 6.1

Overview

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.

CWE: CWE-79 Published: 2025-07-31T17:15:30.200

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.1 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags