XSS in Webwork Php Script
CVE-2025-40642
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.005 (37.8th percentile) — read the EPSS interpretation.
Affected products
- Webwork Php Script — versions all versions