XSS in Webwork Php Script

CVE-2025-40642

Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (37.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References