PuneethReddyHC Event Management System 1.0: Malicious Code Can Run in Browser

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.4

PuneethReddyHC Event Management System 1.0: Malicious Code Can Run in Browser

CVE-2025-56605

Summary

The PuneethReddyHC Event Management System 1.0 has a security flaw that allows a hacker to inject malicious code into the system, which can be executed in the user's web browser. This could potentially steal sensitive information or take control of the user's account. To protect your users, update the system to a fixed version or apply a patch as soon as possible.

Original title

Original description

A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute arbitrary JavaScript code in the victim's browser.

nvd CVSS3.1 5.4

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://github.com/Userr404/CVE-2025-56605

Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026