CVE-2025-51411

A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to inject and execute arbitrary JavaScript code in the context of the victim's browser by tricking them into visiting a crafted URL or submitting a malicious form. Successful exploitation may lead to session hijacking, credential theft, or other client-side attacks.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/tansique-17/CVE-2025-51411/	Exploit Third Party Advisory
https://github.com/tansique-17/CVE-2025-51411/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vishalmathur:institute-of-current-students:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-25 13:15

Updated : 2025-10-09 19:42

NVD link : CVE-2025-51411

Mitre link : CVE-2025-51411

CVE.ORG link : CVE-2025-51411

JSON object : View

Products Affected

vishalmathur

institute-of-current-students

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-51411", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-07-25T13:15:30.073", "references": [{"url": "https://github.com/tansique-17/CVE-2025-51411/", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/tansique-17/CVE-2025-51411/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to inject and execute arbitrary JavaScript code in the context of the victim's browser by tricking them into visiting a crafted URL or submitting a malicious form. Successful exploitation may lead to session hijacking, credential theft, or other client-side attacks."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en Institute-of-Current-Students v1.0 a trav\u00e9s del par\u00e1metro de correo electr\u00f3nico en el endpoint /postquerypublic. La aplicaci\u00f3n no depura correctamente la entrada del usuario antes de reflejarla en la respuesta HTML. Esto permite a atacantes no autenticados inyectar y ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima, enga\u00f1\u00e1ndola para que visite una URL manipulada o env\u00ede un formulario malicioso. Una explotaci\u00f3n exitosa puede provocar secuestro de sesi\u00f3n, robo de credenciales u otros ataques del lado del cliente."}], "lastModified": "2025-10-09T19:42:59.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vishalmathur:institute-of-current-students:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E670A96A-B432-46CC-8857-2B9DB87A61E7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}