CVE-2025-41070 – Reflected Cross-site Scripting (XSS) in Sanoma’s Clickedu

CVE ID : CVE-2025-41070

Published : Dec. 1, 2025, 11:15 a.m. | 1 hour, 9 minutes ago

Description : Reflected Cross-site Scripting (XSS) vulnerability in Sanoma’s Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending them a malicious URL in ‘/students/carpetes_varies.php’. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…