CVE-2025-15134
📋 TL;DR
This CVE describes a cross-site scripting (XSS) vulnerability in yourmaileyes MOOC up to version 1.17. An attacker can inject script through the 'review' parameter of the submission handler (mooc/controller/MainController.java); because the value is rendered back into HTML without encoding, the script runs in the browser of any user who views the manipulated content, with that user's session and privileges. Any deployment of an affected version is exposed.
💻 Affected Systems
- yourmaileyes MOOC
⚠️ Manual Verification Required
This CVE does not have a machine-readable affected-version range in our database, so automated vulnerability detection cannot determine whether your system is affected.
Why? The CVE database entry does not specify version ranges (none were provided by the vendor or NVD), even though the description names version 1.17 and earlier. Treat that figure as the upper bound of the vulnerable range when checking your installation.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test whether the vulnerability is exploitable in your environment (only on systems you are authorized to test)
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal user session cookies, perform actions as authenticated users, deface the platform, or redirect users to malicious sites, potentially leading to account compromise and data theft.
Likely Case
Attackers inject JavaScript that runs in the browser of any user who views the manipulated submission, capturing session cookies where they are not marked HttpOnly or, regardless of that flag, performing actions inside the victim's session, which allows account takeover of those users.
If Mitigated
With server-side validation of the 'review' parameter and context-appropriate output encoding, the payload is rendered as inert text rather than markup, so no client-side code is injected.
🎯 Exploit Status
A public exploit has been released and the attack is carried out remotely. No authentication is required, but a victim must view or interact with the manipulated content for the injected script to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: Yes
Instructions:
No official patch available. Monitor the GitHub repository for updates. If a patch becomes available, update to the fixed version and restart the application.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Implement server-side validation of the 'review' parameter and HTML-encode all user-controlled output before rendering it. The encoding must match the output context: entity encoding for an element body or attribute value, percent-encoding for a URL, and a JavaScript string encoder inside script blocks; HTML entity encoding alone is not sufficient in the latter two contexts.
Apply the validation in the submission handler in mooc/controller/MainController.java, and the encoding at every place a review is rendered, since a single unencoded output point is enough to keep the bug alive.
Content Security Policy
Deploy a strict Content Security Policy to block inline scripts and restrict where scripts may be loaded from.
Add a Content-Security-Policy: script-src 'self' header to HTTP responses (adding object-src 'none' and base-uri 'none' is recommended). This is defense in depth, not a fix: it stops an injected <script> from executing but does not prevent markup injection, and if the application relies on inline scripts, use nonces or hashes rather than 'unsafe-inline', which would disable the protection.
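As an added illustration (not code from the yourmaileyes MOOC project, whose code base is Java), the following Python shows the unsafe concatenation pattern beside the encoded form, the context difference between HTML and URL output, a validation routine that complements rather than replaces encoding, and the CSP header discussed above. The sample review text is constructed for the example.

```python
import html
from urllib.parse import quote

# Constructed sample review (not real user data). It exercises the two classic
# break-outs: a script element in the element body and a quote that would
# terminate an attribute value.
SAMPLE_REVIEW = '<script>alert(1)</script>" onmouseover="alert(2)'


def render_review_vulnerable(review: str) -> str:
    """The pattern the advisory describes: the user-controlled value is
    concatenated straight into HTML, so markup inside it becomes part of the
    page. Kept deliberately unsafe for comparison."""
    return f'<div class="review" data-text="{review}">{review}</div>'


def render_review_safe(review: str) -> str:
    """Hardened form. html.escape(quote=True) encodes & < > " and ', which
    covers both an element body and a double- or single-quoted attribute
    value. It does NOT make a value safe inside a <script> block or a URL;
    those contexts need their own encoders."""
    safe = html.escape(review, quote=True)
    return f'<div class="review" data-text="{safe}">{safe}</div>'


def review_link(review: str) -> str:
    """Same value placed in a URL context: percent-encode instead of
    HTML-encode, with safe="" so '/' and '?' inside the value are encoded too."""
    return "/reviews?q=" + quote(review, safe="")


def validate_review(review: str, max_len: int = 2000) -> str:
    """Server-side validation for the submission handler: bound the size and
    reject control characters. This complements encoding rather than replacing
    it: a legitimate review may contain '<' or '&', so rejecting metacharacters
    would break users, while a single missed encoding point would still be
    exploitable no matter how strict the input filter is."""
    if len(review) > max_len:
        raise ValueError("review too long")
    if any(ord(ch) < 0x20 and ch not in "\t\n\r" for ch in review):
        raise ValueError("control characters not allowed")
    return review


def csp_headers() -> dict:
    """Defense-in-depth header for HTML responses. script-src 'self' blocks
    inline scripts and off-origin script files; object-src 'none' and
    base-uri 'none' close the plugin and <base>-tag side doors. Do not add
    'unsafe-inline' to make legacy inline scripts work; use nonces or hashes."""
    return {
        "Content-Security-Policy":
            "script-src 'self'; object-src 'none'; base-uri 'none'",
    }


if __name__ == "__main__":
    print(render_review_vulnerable(SAMPLE_REVIEW))
    print(render_review_safe(SAMPLE_REVIEW))
    print(review_link(SAMPLE_REVIEW))
    print(csp_headers())
```

In the Java code base the advisory names, the equivalent calls are OWASP Java Encoder's Encode.forHtml and Encode.forHtmlAttribute, or Spring's HtmlUtils.htmlEscape; whichever is used, it has to be applied at the rendering point for every context the review appears in, not once in the controller.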
🧯 If You Can't Patch
- Deploy a web application firewall (WAF) with XSS rules in front of the application, and treat it as a stopgap: signature-based filtering is routinely bypassed with alternative encodings and vectors
- Disable or restrict access to the vulnerable submission review functionality if not essential
🔍 How to Verify
Check if Vulnerable:
Check whether your MOOC version is 1.17 or earlier. On an instance you are authorized to test, submit a review containing a benign probe such as <script>alert('test')</script> and check whether it executes wherever reviews are displayed. Also inspect the page source: the vulnerable behaviour is the probe appearing with raw < and > characters, whereas a fixed deployment returns &lt; and &gt;. A popup that does not appear is not proof of a fix, since a browser setting or a Content Security Policy may have blocked it.
Check Version:
Check application version in configuration files or about page
Verify Fix Applied:
After applying the fixes, resubmit the same probes and confirm in the page source that they are rendered as encoded text and do not execute. Test every page that displays reviews, not only the response to the submission itself.
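One way to make the verification above repeatable, as an added example rather than a verification script from the page or the vendor: submit a probe made of a unique marker, the five HTML metacharacters and an end marker, then classify how each character comes back in any page that displays the review. The marker strings and the sample response bodies are constructed; in practice the body would come from fetching the review page with an authenticated session.

```python
import html

# Probe to submit as the 'review' value on an instance you are authorized to
# test. The start and end markers are assumed unique strings so the probe can
# be located in any page that displays reviews; the five metacharacters
# between them cover element-body and attribute break-outs.
PROBE_TAG = "xsscheck8f3a"
PROBE_END = "end8f3a"
METACHARS = '<>"\'&'
PROBE = PROBE_TAG + METACHARS + PROBE_END

# Accepted encoded spellings (named, decimal, hex) for each metacharacter.
ENCODINGS = {
    "<": ("&lt;", "&#60;", "&#x3c;"),
    ">": ("&gt;", "&#62;", "&#x3e;"),
    '"': ("&quot;", "&#34;", "&#x22;"),
    "'": ("&#39;", "&#x27;", "&apos;"),
    "&": ("&amp;", "&#38;", "&#x26;"),
}


def classify_occurrence(body: str, start: int) -> dict:
    """Walk the text after one start marker and record, in probe order,
    whether each metacharacter came back raw or encoded. 'aligned' is True
    only if the walk lands exactly on the end marker; otherwise the
    application altered or stripped part of the probe and the per-character
    verdict is not trustworthy."""
    pos = start + len(PROBE_TAG)
    raw, encoded = [], []
    for ch in METACHARS:
        # Try encoded spellings first: a raw '&' test would otherwise match
        # the leading '&' of '&amp;'.
        enc = next((e for e in ENCODINGS[ch]
                    if body[pos:pos + len(e)].lower() == e), None)
        if enc is not None:
            encoded.append(ch)
            pos += len(enc)
        elif body.startswith(ch, pos):
            raw.append(ch)
            pos += 1
        else:
            break
    return {"raw": raw, "encoded": encoded,
            "aligned": body.startswith(PROBE_END, pos)}


def classify_reflections(body: str) -> list:
    """One result per place the probe appears; a review may be rendered in
    several contexts on one page (listing, edit form, attribute)."""
    results, start = [], body.find(PROBE_TAG)
    while start != -1:
        results.append(classify_occurrence(body, start))
        start = body.find(PROBE_TAG, start + len(PROBE_TAG))
    return results


def is_vulnerable(body: str) -> bool:
    """Raw '<' or '>' means markup injection in element content; raw '"' or
    "'" means an attribute can be terminated. Either is a finding. An
    unaligned occurrence is left for manual review and not counted here."""
    return any(r["aligned"] and bool(set(r["raw"]) & set('<>"\''))
               for r in classify_reflections(body))


# Constructed response bodies standing in for a fetched review page.
VULNERABLE_BODY = f'<div class="review">{PROBE}</div>'
ENCODED_BODY = f'<div class="review">{html.escape(PROBE, quote=True)}</div>'
# Partial fix: angle brackets encoded, quotes left raw inside an attribute.
PARTIAL_BODY = f'<div class="review" data-text="{html.escape(PROBE, quote=False)}"></div>'

if __name__ == "__main__":
    for name, body in [("vulnerable", VULNERABLE_BODY),
                       ("encoded", ENCODED_BODY), ("partial", PARTIAL_BODY)]:
        print(name, is_vulnerable(body), classify_reflections(body))
```

An empty result list means the probe was not rendered at all (filtered, or displayed on a page you did not fetch), which is a different outcome from "fixed" and should be checked by hand; an occurrence with aligned set to False means the application rewrote the probe and also needs a manual look.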
📡 Detection & Monitoring
Log Indicators:
- Review submissions containing script tags, event-handler attributes (onerror=, onload=) or javascript: URLs, including their URL-encoded forms
- Repeated submissions of script-like payloads from one source, which typically indicate an attacker iterating toward a working payload
Network Indicators:
- HTTP requests to the submission handler whose 'review' parameter contains script tags or encoded equivalents such as %3Cscript%3E
SIEM Query:
Search web server and application logs for a 'review' parameter containing <script, javascript:, or on*= (also match the URL-encoded forms %3Cscript and javascript%3A). If the review is submitted in a POST body, standard access logs will not contain it; log the parameter at the application or reverse-proxy layer to make this query effective.
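The query above as an added example (not a rule shipped with the platform), run over constructed sample log lines: it pulls the 'review' value out of access-log request lines and out of an assumed application-log format, undoes layered URL encoding and HTML entities, and matches the indicator patterns. The POST line shows the limitation just noted: with no body logged there is nothing to inspect.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample log lines (not real traffic). Lines 1-4 are in the
# Apache/nginx combined format; line 5 is an ASSUMED application-log format in
# which the submission handler records the review parameter, which ordinary
# access logs never contain for a POST body.
SAMPLE_LOGS = [
    '203.0.113.5 - - [12/Mar/2025:10:01:02 +0000] "GET /mooc/review?review=Great%20course%21 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2025:10:02:15 +0000] "GET /mooc/review?review=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2025:10:02:40 +0000] "GET /mooc/review?review=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.9 - - [12/Mar/2025:10:03:01 +0000] "POST /mooc/review HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '2025-03-12T10:03:01Z INFO MainController submit user=alice review="<a href=\'javascript:alert(1)\'>click</a>"',
]

# Indicator patterns from the SIEM query above, plus the common tag-based
# vectors that carry an event handler.
XSS_PATTERNS = [
    (re.compile(r"<\s*script", re.I), "script tag"),
    (re.compile(r"javascript\s*:", re.I), "javascript: URL"),
    (re.compile(r"\bon[a-z]+\s*=", re.I), "event handler attribute"),
    (re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.I), "HTML injection tag"),
]

REQUEST_LINE = re.compile(r'"(?:GET|POST|PUT|PATCH) (\S+) HTTP/')
APP_LOG_REVIEW = re.compile(r'review="(.*)"')


def extract_review(line: str):
    """Return the raw 'review' value from a log line, or None if the line
    carries no such value (a POST whose body was not logged, for example)."""
    m = REQUEST_LINE.search(line)
    if m:
        values = parse_qs(urlparse(m.group(1)).query, keep_blank_values=True).get("review")
        return values[0] if values else None  # parse_qs already decoded one layer
    m = APP_LOG_REVIEW.search(line)
    return m.group(1) if m else None


def normalize(value: str, rounds: int = 3) -> str:
    """Peel off layered URL encoding and HTML entities until the value stops
    changing, so %253Cscript%253E and &lt;script&gt; match the same pattern."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (line number, matched indicators, decoded value) for each line
    whose review parameter matches an XSS indicator."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = extract_review(line)
        if value is None:
            continue
        decoded = normalize(value)
        reasons = [label for pattern, label in XSS_PATTERNS if pattern.search(decoded)]
        if reasons:
            hits.append((number, reasons, decoded))
    return hits


if __name__ == "__main__":
    for number, reasons, decoded in scan(SAMPLE_LOGS):
        print(f"line {number}: {', '.join(reasons)}: {decoded!r}")
```

Decoding before matching is what turns the plain-text query into something an attacker cannot sidestep with a second layer of percent-encoding; the rounds cap keeps a pathological value from being decoded forever.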