CVE-2025-15134

Summary

A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing manipulation of the argument review results in cross site scripting. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
yourmaileyesMOOC1.0affected
yourmaileyesMOOC1.1affected
yourmaileyesMOOC1.2affected
yourmaileyesMOOC1.3affected
yourmaileyesMOOC1.4affected
yourmaileyesMOOC1.5affected
yourmaileyesMOOC1.6affected
yourmaileyesMOOC1.7affected
yourmaileyesMOOC1.8affected
yourmaileyesMOOC1.9affected
yourmaileyesMOOC1.10affected
yourmaileyesMOOC1.11affected
yourmaileyesMOOC1.12affected
yourmaileyesMOOC1.13affected
yourmaileyesMOOC1.14affected
yourmaileyesMOOC1.15affected
yourmaileyesMOOC1.16affected
yourmaileyesMOOC1.17affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References