What is CVE-2025-0800 — XSS in SourceCodester Online Courseware?

CVE-2025-0800 is a cross-site scripting (XSS) vulnerability affecting SourceCodester Online Courseware versions 1.0–1.0, allowing attackers to inject malicious scripts via the /pcci/admin/saveeditt.php file.

Am I affected by CVE-2025-0800 in SourceCodester Online Courseware?

You are affected if you are using SourceCodester Online Courseware version 1.0. Upgrade to version 1.0.1 to resolve the vulnerability.

How do I fix CVE-2025-0800 in SourceCodester Online Courseware?

Upgrade to version 1.0.1 or later. As a temporary workaround, implement input validation and sanitization on the 'fname' parameter.

Is CVE-2025-0800 being actively exploited?

No active exploitation campaigns have been confirmed as of the publication date, but public proof-of-concept code is likely to emerge.

Where can I find the official SourceCodester advisory for CVE-2025-0800?

Refer to the SourceCodester website or their official communication channels for the advisory related to CVE-2025-0800.

CVE-2025-0800 — Vulnerability Details

NEXTGUARD

Escanear grátis

CVE-2025-0800 — Vulnerability Details | NextGuard

Passos de Detecçãotraduzindo…

• php / web:

curl -I 'http://your-online-courseware-site.com/pcci/admin/saveeditt.php?fname=<script>alert(1)</script>' | grep -i '200'

• php / web: Examine /pcci/admin/saveeditt.php for missing or inadequate input sanitization of the 'fname' parameter. • generic web: Monitor access logs for unusual requests to /pcci/admin/saveeditt.php with suspicious parameters in the 'fname' field.

SourceCodester Online Courseware Edit Teacher saveeditt.php cross site scripting

Impacto e Cenários de Ataquetraduzindo…

Contexto de Exploraçãotraduzindo…

Quem Está em Riscotraduzindo…

Passos de Detecçãotraduzindo…

Linha do Tempo do Ataque

Inteligência de Ameaças

Software Afetado

Classificação de Fraqueza (CWE)

Linha do tempo

Mitigação e Soluções Alternativastraduzindo…

Como corrigirtraduzindo…

Boletim de Segurança CVE

Perguntas frequentestraduzindo…

What is CVE-2025-0800 — XSS in SourceCodester Online Courseware?

Am I affected by CVE-2025-0800 in SourceCodester Online Courseware?

How do I fix CVE-2025-0800 in SourceCodester Online Courseware?

Is CVE-2025-0800 being actively exploited?

Where can I find the official SourceCodester advisory for CVE-2025-0800?

Seu projeto está afetado?