CVE-2025-1082

A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross site scripting. It is possible to...

Mindskip xzs-mysql 代码注入漏洞

Mindskip xzs-mysql is a java + vue front-end and back-end separation of the examination system from Wuhan, China Mindskip Technology Mindskip company. The main advantages are simple and fast development and deployment, friendly interface design and clear code structure. Support web end and wechat...

xzs 跨站脚本漏洞

Civic Jump Technology xzs Learning Zest Open Source Exam System is the Learning Zest Open Source Exam System from Civic Jump Technology. A security vulnerability exists in xzs version v3.8.0, which originated from a cross-site scripting XSS vulnerability found in the component /admin/question/edi...

CVE-2022-41431

xzs v3.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /admin/question/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field...

Judge.me : Stored XSS in Question edit for product name (bypass #1416672)

Hi @judgeme! Step to reproduce: 1. Log in to your shopify account and create product with name img src=x onerror=promptdocument.domain img src=x onerror=promptdocument.domain 2. Go to our store and write question to our product with name img src=x onerror=promptdocument.domain img src=x...