Vishalmathur: >> Cloudclassroom >> 1.0 Security Vulnerabilities
CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-07-31
A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-31