CVE-2025-0295 MEDIUM

CVE-2025-0295: code-projects Online Book Shop booklist.php cross site scripting

Vendor Code-Projects

Product Online Book Shop

Weakness CWE-79 · XSS

Published January 7, 2025

Last update August 26, 2025

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

January 7, 2025 CVE published

August 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-0295 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-46782 WordPress MomentoPress for Momento360 Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) CVE-2023-5894 Cross-site Scripting (XSS) - Stored in pkp/ojs CVE-2024-0609 WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting <= 1.13.1 - Unauthenticated Stored Cross-Site Scripting CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS) CVE-2022-25610 WordPress Simple Ajax Chat plugin <= 20220115 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability