📄 Description (English)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affects EduAsist: through 27022026.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
🤖 AI Executive Summary
CVE-2025-11950 is a Reflected Cross-Site Scripting (XSS) vulnerability in EduAsist educational platform affecting versions through 27022026. With a CVSS score of 6.3 and no available patch, this vulnerability poses a moderate risk to educational institutions and their users. The vendor's non-responsiveness to early disclosure notifications elevates concern regarding timely remediation.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 16, 2026 17:30
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi educational institutions, including K-12 schools, universities, and online learning platforms using EduAsist. At-risk sectors include: Education (Ministry of Education, private schools, universities), Government (educational portals), and Healthcare (medical education platforms). The XSS vulnerability could enable credential theft from students and educators, unauthorized access to educational records, and distribution of malicious content through trusted educational channels. Saudi organizations relying on EduAsist for distance learning and student management face elevated risk of data compromise and reputational damage.
🏢 Affected Saudi Sectors
Education
Government
Healthcare
Private Sector (Corporate Training)
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Identify all instances of EduAsist deployment within your organization and document version numbers
2. Restrict access to EduAsist to trusted networks only; implement network segmentation if possible
3. Disable EduAsist if not critical; migrate users to alternative platforms if feasible
4. Implement Web Application Firewall (WAF) rules to detect and block XSS payloads targeting EduAsist endpoints
Compensating Controls:
1. Deploy input validation and output encoding at the application layer if you have access to source code
2. Implement Content Security Policy (CSP) headers to prevent inline script execution
3. Enable browser security features: X-XSS-Protection, X-Content-Type-Options headers
4. Conduct user awareness training on phishing and malicious links
5. Monitor for suspicious activity in user sessions and educational records
Detection Rules:
1. Monitor HTTP requests to EduAsist for encoded XSS payloads (script tags, event handlers)
2. Alert on unusual JavaScript execution within EduAsist web pages
3. Track user session anomalies and unauthorized data access patterns
4. Log all administrative actions and configuration changes
Patching Strategy:
1. Contact KNOWHY Advanced Technology Trading Ltd. Co. directly for security updates
2. Monitor CVE databases and vendor security advisories for patch availability
3. Establish timeline for migration to patched version or alternative solution
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع حالات نشر EduAsist في مؤسستك وتوثيق أرقام الإصدارات
2. تقييد الوصول إلى EduAsist للشبكات الموثوقة فقط؛ تنفيذ تقسيم الشبكة إن أمكن
3. تعطيل EduAsist إذا لم يكن حرجاً؛ نقل المستخدمين إلى منصات بديلة إن أمكن
4. تنفيذ قواعد جدار حماية تطبيقات الويب (WAF) للكشف عن حمولات XSS وحجبها
الضوابط التعويضية:
1. نشر التحقق من الإدخال وترميز الإخراج على مستوى التطبيق إذا كان لديك وصول إلى الكود المصدري
2. تنفيذ رؤوس سياسة أمان المحتوى (CSP) لمنع تنفيذ البرامج النصية المضمنة
3. تفعيل ميزات أمان المتصفح: رؤوس X-XSS-Protection و X-Content-Type-Options
4. إجراء تدريب التوعية للمستخدمين بشأن التصيد والروابط الضارة
5. مراقبة النشاط المريب في جلسات المستخدمين وسجلات التعليم
قواعد الكشف:
1. مراقبة طلبات HTTP إلى EduAsist للحمولات المشفرة XSS (علامات البرامج النصية ومعالجات الأحداث)
2. التنبيه على تنفيذ JavaScript غير العادي داخل صفحات الويب EduAsist
3. تتبع شذوذ جلسات المستخدمين وأنماط الوصول غير المصرح بها
4. تسجيل جميع الإجراءات الإدارية والتغييرات في الإعدادات
استراتيجية التصحيح:
1. الاتصال المباشر بـ KNOWHY Advanced Technology Trading Ltd. Co. للحصول على تحديثات الأمان
2. مراقبة قواعد بيانات CVE والنشرات الأمنية للبائع لتوفر التصحيحات
3. وضع جدول زمني لترقية الإصدار المصحح أو الانتقال إلى حل بديل
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information Security Policies and Procedures
A.6.1.1 - Access Control Policy
A.6.2.1 - User Registration and Access Rights Management
A.7.1.1 - Cryptography and Data Protection
A.8.1.1 - Malware Protection
A.9.1.1 - Incident Management
🔵 SAMA CSF
Governance (GV) - Security Governance and Risk Management
Protect (PR) - Input Validation and Output Encoding
Detect (DE) - Security Monitoring and Anomaly Detection
Respond (RS) - Incident Response and Remediation
🟡 ISO 27001:2022
A.5.1 - Management Direction for Information Security
A.6.1 - Internal Organization
A.6.2 - Mobile Device and Teleworking
A.7.1 - Cryptography
A.8.1 - User Endpoint Devices
A.8.2 - Privileged Access Rights
A.8.3 - Information Access Restriction
A.12.2 - Restrictions on Software Installation
A.12.6 - Management of Technical Vulnerabilities
A.14.2 - Secure Development Policy
🟣 PCI DSS v4.0.1
Requirement 6.5.1 - Injection Flaws Prevention
Requirement 6.5.7 - Cross-Site Scripting (XSS) Prevention
Requirement 6.2 - Security Patches and Updates
Requirement 11.3 - Penetration Testing
🔗 References & Sources 1
📦 Affected Products / CPE 1 entries
eduasist:eduasist