A cross-site scripting (XSS) vulnerability has been identified in yourmaileyes MOOC versions 1.0 to 1.17. This flaw resides within the subreview function of the MainController.java file, specifically the Submission Handler component. Successful exploitation allows an attacker to inject malicious scripts, potentially compromising user sessions and data. A public proof-of-concept exists, and a fix is available in version 1.17.1.
The XSS vulnerability in yourmaileyes MOOC allows an attacker to inject arbitrary JavaScript code into the application. This code can then be executed in the context of a user's browser when they visit a vulnerable page. Attackers could leverage this to steal session cookies, redirect users to phishing sites, or deface the application. The remote nature of the exploit means attackers don't need local access to the server. Given the public availability of a proof-of-concept, the risk of exploitation is elevated, particularly for systems running unpatched versions of yourmaileyes MOOC.
This vulnerability has a CVSS score of 3.5 (Low). A public proof-of-concept has been released, which raises the likelihood of exploitation despite the low base score. The vulnerability was reported to the project, but no response had been received as of the publication date. Prioritize patching to prevent potential attacks.
EPSS: 0.04% (13th percentile)
The primary mitigation for CVE-2025-15134 is to upgrade your installation of yourmaileyes MOOC to version 1.17.1 or later. If upgrading immediately is not feasible, consider implementing input validation and output encoding on the review parameter within the MainController.java file. While not a complete solution, this can reduce the attack surface. Web application firewalls (WAFs) configured to detect and block XSS payloads can also provide an additional layer of defense. Monitor your application logs for suspicious activity, particularly requests containing unusual characters or patterns in the review parameter.
Update the yourmaileyes MOOC application to a version later than 1.17 that fixes the Cross-Site Scripting (XSS) vulnerability in the Submission Handler component. Validate and sanitize user inputs, especially the 'review' parameter, to prevent the injection of malicious code. Implement additional security measures such as output encoding to mitigate the risk of XSS.
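The layered workaround described above (validate the review parameter, then HTML-encode it at the point of output) as an added Java example. This is not code from yourmaileyes MOOC or its MainController.java; the handler shape, method names, length limit and sample review string are constructed for illustration, and the small hand-written encoder stands in for a vetted library such as OWASP Java Encoder or a template engine with auto-escaping.

```java
public class ReviewHandlerExample {

    // Illustrative vulnerable pattern (a reconstruction, not the project's code):
    // the raw review parameter is concatenated straight into the HTML response,
    // so any markup in it becomes part of the page.
    static String renderReviewUnsafe(String review) {
        return "<div class=\"review\">" + review + "</div>";
    }

    // Minimal HTML entity encoder for text-node context. Attribute, URL and
    // JavaScript contexts need different encoders; in production use a vetted
    // library (e.g. OWASP Java Encoder's Encode.forHtml) rather than this one.
    static String htmlEncode(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Assumed limit for the example; pick one that fits the application's reviews.
    static final int MAX_REVIEW_LENGTH = 2000;

    // Input validation: reject empty, oversized or control-character-laden input early.
    // Validation alone is not sufficient against XSS; it narrows what reaches the encoder.
    static boolean isValidReview(String review) {
        if (review == null || review.isEmpty() || review.length() > MAX_REVIEW_LENGTH) {
            return false;
        }
        for (int i = 0; i < review.length(); i++) {
            char c = review.charAt(i);
            if (Character.isISOControl(c) && c != '\n' && c != '\r' && c != '\t') {
                return false;
            }
        }
        return true;
    }

    // Hardened handler: validate, then encode at output so markup is rendered as text.
    static String renderReviewSafe(String review) {
        if (!isValidReview(review)) {
            throw new IllegalArgumentException("rejected review parameter");
        }
        return "<div class=\"review\">" + htmlEncode(review) + "</div>";
    }

    // Simple monitoring aid for the log review suggested above: flag review values
    // that carry markup characters so they can be logged for inspection.
    static boolean looksLikeMarkup(String review) {
        return review != null && (review.indexOf('<') >= 0 || review.indexOf('>') >= 0);
    }

    public static void main(String[] args) {
        // Constructed sample input using a generic XSS test string.
        String sample = "Great course! <script>alert(1)</script>";
        System.out.println("unsafe: " + renderReviewUnsafe(sample));
        System.out.println("safe:   " + renderReviewSafe(sample));
        System.out.println("safe output still contains a raw <script> tag? "
                + renderReviewSafe(sample).contains("<script>"));
        System.out.println("flag for log review? " + looksLikeMarkup(sample));
    }
}
```

Run with `java ReviewHandlerExample.java` (JDK 11+). The safe rendering emits `&lt;script&gt;` instead of a live tag, while the unsafe rendering returns the input unchanged. Encoding must be chosen per output context: the text-node encoder shown here is not enough if the value is placed inside an attribute, a URL or inline script.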
CVE-2025-15134 is a cross-site scripting (XSS) vulnerability affecting yourmaileyes MOOC versions 1.0 to 1.17, allowing attackers to inject malicious scripts.
You are affected if you are using yourmaileyes MOOC versions 1.0 through 1.17. Upgrade to version 1.17.1 or later to mitigate the risk.
Upgrade your yourmaileyes MOOC installation to version 1.17.1 or later. Consider input validation and output encoding as a temporary workaround.
A public proof-of-concept exists, indicating a potential for active exploitation. Prioritize patching to reduce your risk.
Refer to the yourmaileyes project's official website or security advisories for the latest information and updates regarding CVE-2025-15134.