CVE-2025-56605 - Vulnerability Analysis
Severity: Medium | CVSS: 5.4 | Last Updated: February 27, 2026
PuneethReddyHC Event Management System - Reflected XSS
Published: February 26, 2026 | Updated: February 27, 2026 | PoC Available | Remote Exploitable
Overview
PuneethReddyHC Event Management System 1.0 contains a reflected XSS vulnerability caused by improper validation and sanitization of the mobile POST parameter in register.php. It lets attackers execute arbitrary JavaScript in a victim's browser; exploitation requires a crafted request.
Severity & Score
Severity: Medium
CVSS Score: 5.4
Impact
Attackers can execute arbitrary JavaScript in a victim's browser, potentially stealing cookies or performing actions on behalf of the user.
Mitigation
Update to the latest version with proper input validation and output sanitization.
Details
- CVE ID: CVE-2025-56605
- Severity: Medium
- CVSS Score: 5.4
- Type: reflected_xss
- Status: unconfirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N