Critical Vulnerability Information

Vulnerability Type: Cross Site Scripting (XSS)
Affected Product: CloudClassroom-PHP-Project 1.0
Affected Component: postquerypublic.php, email parameter in POST request
Attack Type: Remote

Attack Vector

An attacker can send a specially crafted POST request to the vulnerable endpoint, injecting malicious JavaScript via the email parameter. The application reflects this input without proper sanitization, leading to a reflected XSS vulnerability.

Reproduction Steps

1. Deploy the vulnerable PHP application locally (e.g., ).
2. Send the following POST request:

Reference Links

https://owasp.org/www-community/attacks/xss/

Discoverer

saurabh
LinkedIn: https://www.linkedin.com/in/saurabh-b294b21aa/
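The reflection pattern described under Attack Vector, next to a hardened form, as an added example that is not code from CloudClassroom-PHP-Project: the function names, the surrounding markup and the sample inputs are assumptions made for illustration, and only the `email` POST parameter comes from the advisory.

```php
<?php
declare(strict_types=1);

// Added illustration; hypothetical handler, not the project's postquerypublic.php.

/** Pattern the advisory describes: the request value is placed into HTML unchanged. */
function render_unsafe(string $email): string
{
    return '<p>Query received from: ' . $email . '</p>';
}

/** Hardened form: validate the value, then encode it for the HTML context on output. */
function render_safe(string $email): string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        // Reject without echoing the rejected value back to the client.
        return '<p>Please enter a valid email address.</p>';
    }
    // Validation is not an output defence: FILTER_VALIDATE_EMAIL accepts
    // characters such as ' and & in the local part, so encoding is still needed.
    $encoded = htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Query received from: ' . $encoded . '</p>';
}

// In a web request the value would come from: (string) ($_POST['email'] ?? '')
// Constructed sample inputs (benign markup characters only), run from the CLI.
$samples = [
    'student@example.test',
    "o'brien&co@example.test",      // passes validation, still needs encoding
    '<b>bold</b>@example.test',     // markup in the value: rejected by validation
];

foreach ($samples as $input) {
    echo 'input : ', $input, PHP_EOL;
    echo 'unsafe: ', render_unsafe($input), PHP_EOL;
    echo 'safe  : ', render_safe($input), PHP_EOL, PHP_EOL;
}
```

Comparing the `unsafe` and `safe` lines for the third sample shows the markup reaching the page in one case and never being reflected in the other.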