Cross-Site Scripting Vulnerability in Code-Projects Online Class and Exam Scheduling System
CVE-2025-29568

4.8MEDIUM

Key Information:

Vendor
Code-Projects
Status
Online Class and Exam Scheduling System
Vendor
CVE Published:
24 April 2025

Summary

A vulnerability has been identified in the Online Class and Exam Scheduling System 1.0 by Code-Projects. The issue arises in the file /Scheduling/pages/class_sched.php, where improper input handling of the class parameter can allow an attacker to execute arbitrary JavaScript code in the context of the user’s browser. This could lead to unauthorized access to sensitive information, session hijacking, or defacement of the user interface. Developers and users of the affected system are advised to review their input validation mechanisms and apply necessary patches to mitigate potential risks.

References

https://github.com/secloverwang/-Vulnerability-recurrence...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-29568 : Cross-Site Scripting Vulnerability in Code-Projects Online Class and Exam Scheduling System | SecurityVulnerability.io