CVE-2025-28121

CVE-2025-28121 affects code-projects Online Exam Mastering System 1.0. The vulnerability is a reflected Cross-Site Scripting (XSS) in feedback.php via the q parameter, where input is reflected without proper sanitization. Exploitation PoCs and public writeups (e.g., Exploit-DB, PacketStorm, GitHu...

CVE-2024-12890

CVE-2024-12890 affects code-projects Online Exam Mastering System 1.0. A vulnerability in the endpoint /update.php?q=quiz&step=2 allows SQL injection via the eid parameter, enabling remote exploitation. Public exploitation is indicated by the sources. The available documents do not specify a vend...

CVE-2024-12891

CVE-2024-12891 affects code-projects Online Exam Mastering System 1.0. Affected is an SQL injection in the function/file path /account.php?q=quiz&step=2, exploitable via manipulating the parameter eid . The issue enables remote exploitation and has been disclosed publicly. Root cause: unsafely ha...

CVE-2025-46173

CVE-2025-46173 is a stored XSS vulnerability in code-projects Online Exam Mastering System 1.0. The issue occurs in the feedback form’s name field and is triggered when an administrator views the feedback in the admin dashboard (dash.php), allowing injected scripts to execute in the admin’s brows...

CVE-2024-12892

CVE-2024-12892 affects code-projects Online Exam Mastering System 1.0. The vulnerability is in the file /sign.php?q=account.php, where manipulating the arguments name, gender, and college leads to cross-site scripting. The issue is exploitable remotely and the public disclosure has occurred. Some...