
CVE-2025-58887: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Course Finder | andré martin - it solutions & research UG Course Booking Platform

Medium
Tags: Vulnerability, CVE-2025-58887, CWE-79
Published: Fri Sep 05 2025 (09/05/2025, 13:45:53 UTC)
Source: CVE Database V5
Vendor/Project: Course Finder | andré martin - it solutions & research UG
Product: Course Booking Platform

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Course Finder | andré martin - it solutions & research UG Course Booking Platform allows Stored XSS. This issue affects Course Booking Platform: from n/a through 1.0.0.

AI-Powered Analysis

AI analysis last updated: 09/05/2025, 13:56:08 UTC

Technical Analysis

CVE-2025-58887 is a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Course Booking Platform developed by andré martin - it solutions & research UG, specifically the Course Finder product. Stored XSS occurs when user-supplied input is improperly neutralized during web page generation: the input is persisted on the server and later rendered to other users without adequate sanitization or output encoding. This vulnerability allows an attacker with low privileges (PR:L), and requiring user interaction (UI:R), to inject scripts that execute in the context of other users' browsers. The CVSS 3.1 base score of 6.5 reflects medium severity, with an attack vector of network (AV:N), low attack complexity (AC:L), low privileges required, and a scope change (S:C) indicating that the vulnerability affects components beyond the initially vulnerable component. The impact includes limited confidentiality, integrity, and availability losses (C:L/I:L/A:L), meaning attackers could potentially steal session tokens, manipulate displayed content, or cause minor disruptions. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability affects all versions up to and including 1.0.0, with no more specific version details provided. Stored XSS in a course booking platform can be particularly dangerous because it may allow attackers to hijack user sessions, deface content, or redirect users to malicious sites, impacting both end-users and administrators. The requirement for user interaction means that exploitation depends on users visiting maliciously crafted pages or content within the platform. The scope change indicates that the vulnerability may affect other components or users beyond the initially vulnerable module, increasing the potential impact.

Potential Impact

For European organizations using the Course Booking Platform, this vulnerability poses a risk to the confidentiality and integrity of user data and the availability of the service. Educational institutions, training providers, and corporate learning departments relying on this platform could face session hijacking, unauthorized actions performed on behalf of users, or reputational damage due to content manipulation. The stored nature of the XSS means that malicious scripts can persist and affect multiple users over time, increasing the risk of widespread compromise. Given the medium severity and the need for user interaction, the impact is significant but not catastrophic. However, if exploited in environments handling sensitive personal data or payment information, the consequences could escalate, potentially violating GDPR requirements and leading to regulatory penalties. Additionally, the scope change suggests that the vulnerability could affect multiple components or user roles, broadening the attack surface within affected organizations.

Mitigation Recommendations

Organizations should implement specific mitigations beyond generic advice:

1) Immediate code review and input validation: Developers must audit all input fields in the Course Booking Platform, especially those that store and later render user-supplied content, ensuring proper context-aware output encoding (e.g., HTML entity encoding) to neutralize scripts.

2) Implement Content Security Policy (CSP): Deploy a strict CSP header to restrict the execution of unauthorized scripts and reduce the impact of any injected malicious code.

3) User privilege review: Since the vulnerability requires only low privileges, restrict user roles and permissions to the minimum necessary, limiting who can submit content that is stored and displayed.

4) Monitor and sanitize stored content: Scan existing stored data for malicious payloads and sanitize or remove suspicious entries.

5) Patch management: Monitor vendor communications closely for patches or updates addressing this vulnerability and apply them promptly once available.

6) User awareness: Educate users about the risks of clicking on suspicious links or interacting with untrusted content within the platform.

7) Logging and anomaly detection: Enhance logging around content submissions and user interactions to detect potential exploitation attempts early.
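The following is an added illustration of mitigations 1 and 4, not code from the Course Booking Platform or its vendor: a course record rendered with context-aware output encoding (HTML text, attribute and URL contexts) beside the verbatim-interpolation pattern that produces stored XSS, plus a scan over constructed stored records to flag script-like content for review. The record fields, the `STORED_COURSES` sample data and the `SUSPICIOUS` pattern list are assumptions for the example.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample of stored course records, shaped like what an administrator
# might find in the platform's database after a malicious submission (assumed schema).
STORED_COURSES = [
    {"title": "Intro to Python", "description": "Learn the basics.",
     "link": "https://example.org/python"},
    {"title": "Data <b>Science</b>", "description": "Hands-on <script>alert(1)</script> labs",
     "link": "javascript:alert(document.cookie)"},
]

SAFE_SCHEMES = {"http", "https"}
# Illustrative (hypothetical) markers of stored markup that deserves manual review.
SUSPICIOUS = re.compile(r"<\s*script|on\w+\s*=|javascript\s*:|<\s*iframe|srcdoc\s*=", re.I)


def attr(value: str) -> str:
    """Encode a stored string for a double-quoted HTML attribute value."""
    return html.escape(value, quote=True)


def safe_href(url: str) -> str:
    """Allow only http(s) links; any other scheme (javascript:, data:, ...) becomes '#'."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return attr(url) if scheme in SAFE_SCHEMES else "#"


def render_course_card(course: dict) -> str:
    """Hardened rendering: each stored field is encoded for the context it lands in."""
    return (
        f'<div class="course" data-title="{attr(course["title"])}">'
        f'<h2>{html.escape(course["title"])}</h2>'
        f'<p>{html.escape(course["description"])}</p>'
        f'<a href="{safe_href(course["link"])}">Book</a></div>'
    )


def render_course_card_unsafe(course: dict) -> str:
    """The CWE-79 defect class: stored text interpolated into the page verbatim."""
    return (f'<div class="course"><h2>{course["title"]}</h2><p>{course["description"]}</p>'
            f'<a href="{course["link"]}">Book</a></div>')


def scan_stored_content(courses: list) -> list:
    """Mitigation 4: return (record index, field) pairs whose stored value looks script-like."""
    return [(i, field) for i, c in enumerate(courses)
            for field, value in c.items() if SUSPICIOUS.search(value)]
```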


Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-09-05T10:50:25.873Z
CVSS Version
3.1
State
PUBLISHED

Threat ID: 68baeaa757c5b37b67a461ea

Added to database: 9/5/2025, 1:50:31 PM

Last enriched: 9/5/2025, 1:56:08 PM

Last updated: 9/5/2025, 3:42:26 PM

