CVE-2025-56605 - Vulnerability Analysis
N/aLast Updated: February 26, 2026
PuneethReddyHC Event Management System - Reflected XSS
Published: February 26, 2026Updated: February 26, 2026PoC Available
Overview
PuneethReddyHC Event Management System 1.0 contains a reflected XSS caused by improper validation and sanitization of the mobile POST parameter in register.php, letting attackers execute arbitrary JavaScript in victim's browser, exploit requires crafted request.
Severity & Score
Severity: N/a
Impact
Attackers can execute arbitrary JavaScript in victim's browser, potentially stealing cookies or performing actions on behalf of the user.
Mitigation
Update to the latest version with proper input validation and output sanitization.
Related Resources
Details
- CVE ID
- CVE-2025-56605
- Severity
- N/a
- Type
- reflected_xss
- Status
- new
CVSS Metrics
N/A