CVE-2025-10388
Description
A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross-site scripting. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in Selleo Mentingo's course description allows privilege escalation when an admin views the course catalog.
A stored cross-site scripting (XSS) vulnerability exists in Selleo Mentingo version 2025.08.27. The issue resides in the /api/course/enroll-course endpoint, specifically within the 'Description' parameter used when creating or updating course basic settings. The application fails to sanitize user-supplied HTML, allowing an attacker to inject arbitrary JavaScript that is stored and later executed in the context of other users' browsers [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (4)
News mentions (0)
No linked articles in our index yet.