Sunbird-Ed Portal v1.13.4: Unfiltered User Input in Web Pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

Sunbird-Ed Portal v1.13.4: Unfiltered User Input in Web Pages

CVE-2025-70033

Summary

A security issue was found in the Sunbird-Ed Portal version 1.13.4. This issue allows an attacker to inject malicious code into web pages, potentially allowing them to steal sensitive information or take control of the system. To protect your system, update to the latest version of the Sunbird-Ed Portal as soon as possible.

Original title

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.

Original description

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://gist.github.com/zcxlighthouse/5036e0ea5a40146fb5051d7a94252857
https://github.com/Sunbird-Ed
https://github.com/Sunbird-Ed/SunbirdEd-portal

Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026