CVE-2025-56605 - Reflected XSS in Event Management System 1.0

Description

A reflected Cross-Site Scripting (XSS) vulnerability exists in of PuneethReddyHC/event-management 1.0. The POST parameter is improperly validated and reflected back in the response, allowing injection of arbitrary JavaScript code.

Key Information

CVE ID: CVE-2025-56605
Discovered by: Isroil Mustafoqulov
Vulnerability type: Reflected XSS
Attack vector: Remote

Steps to Reproduce (Local Only)

1. Clone the project and run it locally.
2. Send a crafted POST request to with a malicious payload in the parameter.
3. The payload is reflected unsanitized in the response.

Mitigation

Sanitize/encode user input before output. Example in PHP:
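An added example of the mitigation (not code from the project or from the original advisory): output encoding chosen per context for a reflected POST value. The parameter name `field` and the helpers `e()`, `js()` and `post_string()` are hypothetical, and the sample input is constructed.

```php
<?php
declare(strict_types=1);

// Encode for HTML element content and quoted attribute values.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Encode as a JavaScript string literal for use inside an inline <script> block.
// The JSON_HEX_* flags escape <, >, &, ' and " so the value cannot close the tag.
function js(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// Read one POST field as a length-bounded string.
// Array input (field[]=x) is rejected instead of being cast to "Array".
function post_string(array $post, string $name, int $maxLen = 200): string
{
    $raw = $post[$name] ?? '';
    if (!is_string($raw)) {
        return '';
    }
    // A multi-byte character cut by substr() is replaced later by ENT_SUBSTITUTE.
    return substr($raw, 0, $maxLen);
}

// Constructed sample standing in for $_POST; "field" is a placeholder name.
$post = ['field' => '"><script>alert(1)</script>'];
$value = post_string($post, 'field');

// Vulnerable pattern, reflecting the value verbatim:
//   echo "<p>Hello $value</p>";

// Encoded at the point of output, once per context:
echo '<p>Hello ' . e($value) . "</p>\n";                     // element content
echo '<input name="field" value="' . e($value) . "\">\n";    // quoted attribute
echo '<script>var v = ' . js($value) . ";</script>\n";       // inline script
```

Encoding belongs at the point of output rather than at input time, because the same value needs different escaping in element content, attributes and script blocks.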