CVE-2025-51411 (CNNVD-202507-3230)
中文标题:
Institute-of-Current-Students 安全漏洞
英文标题:
A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 vi...
漏洞描述
中文描述:
Institute-of-Current-Students是Vishal Mathur个人开发者的一个学校管理网站。 Institute-of-Current-Students 1.0版本存在安全漏洞,该漏洞源于email参数清理不当,可能导致反射型跨站脚本。
英文描述:
A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to inject and execute arbitrary JavaScript code in the context of the victim's browser by tricking them into visiting a crafted URL or submitting a malicious form. Successful exploitation may lead to session hijacking, credential theft, or other client-side attacks.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| vishalmathur | institute-of-current-students | 1.0 | - | - |
cpe:2.3:a:vishalmathur:institute-of-current-students:1.0:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (adp)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-51411 |
2025-11-11 15:23:26 | 2025-11-11 07:40:39 |
| NVD | nvd_CVE-2025-51411 |
2025-11-11 15:00:57 | 2025-11-11 07:48:27 |
| CNNVD | cnnvd_CNNVD-202507-3230 |
2025-11-11 15:12:51 | 2025-11-11 08:00:02 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202507-3230
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 0 -> 1
- data_sources: ['cve'] -> ['cve', 'nvd']