CVE-2025-29430
Published: 17 March 2025
Summary
CVE-2025-29430 is a medium-severity Basic XSS (CWE-80) vulnerability in Fabian Online Class And Exam Scheduling System. Its CVSS base score is 4.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE ranks at the 39.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6534
Vulnerability details
Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/room.php via the id and rome parameters.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The XSS vulnerability enables exploitation of a public-facing web application (T1190), arbitrary JavaScript execution in victim browsers (T1059.007), and theft of web session cookies (T1539) or other browser credentials (T1555.003).