CVE-2025-3149

Summary

A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
itningStudent Homework Management System1.2.0affected
itningStudent Homework Management System1.2.1affected
itningStudent Homework Management System1.2.2affected
itningStudent Homework Management System1.2.3affected
itningStudent Homework Management System1.2.4affected
itningStudent Homework Management System1.2.5affected
itningStudent Homework Management System1.2.6affected
itningStudent Homework Management System1.2.7affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References