Mindskip xzs-mysql CORS Misconfiguration Vulnerability

Vulnerability

A vulnerability exists in Mindskip xzs-mysql 学之思开源考试系统 version 3.9.0, specifically within the CORS Handler component. This vulnerability allows for a permissive cross-domain policy that can be exploited by untrusted domains. The issue can be exploited remotely, but the complexity of the attack is high, requiring some form of user interaction. While the vulnerability has been publicly disclosed and a proof-of-concept exploit is available, technical details on the exploitation are not specified.

Impact

The vulnerability leads to an overly permissive cross-domain policy, allowing untrusted domains to interact with the application in ways that could compromise its integrity.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.0

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mindskip xzs-mysql CORS Misconfiguration Vulnerability

Vulnerability

Impact

Affected Products

Mindskipe xzs-mysql 学之思开源考试系统

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating