Cross-Site Scripting Vulnerability in yzk2356911358 Student Management Handler
CVE-2025-3036

4.8MEDIUM

Key Information:

Vendor
Yzk2356911358
Status
Studentservlet-jsp
Vendor
CVE Published:
31 March 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability has been identified in the Student Management Handler of yzk2356911358's StudentServlet-JSP. This issue allows an attacker to manipulate the 'Name' argument, leading to potential cross-site scripting attacks. Such vulnerabilities enable malicious actors to execute unauthorized scripts in the context of a user's session, posing serious security risks. The issue can be exploited remotely, and public disclosure of the exploit increases the urgency for affected users to address this vulnerability. As the product uses a rolling release model, specific version information for affected updates may not be explicitly available.

Affected Version(s)

StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5

StudentServlet-JSP d4d7a0643f1dae908a4831206f2714b21820f991

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-3036 - Proof of Concept

References

https://vuldb.com/?id.302097
vdb-entrytechnical-description
https://vuldb.com/?ctiid.302097
signaturepermissions-required
https://vuldb.com/?submit.524630
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

TTTlw1024 (VulDB User)
.