CVE-2025-10088 MEDIUM

CVE-2025-10088: SourceCodester Time Tracker index.html cross site scripting

Vendor Sourcecodester

Product Time Tracker

Weakness CWE-79 · XSS

Published September 8, 2025

Last update September 8, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.

Key dates

02Disclosure timeline

September 8, 2025 CVE published

September 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-10088

Related vulnerabilities

04Related CVE

CVE-2022-47438 WordPress Booking calendar, Appointment Booking System Plugin <= 3.2.3 is vulnerable to Cross Site Scripting (XSS) CVE-2025-23571 WordPress Internal Links Generator plugin <= 3.51 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-22548 WordPress ldap_login_password_and_role_manager plugin <= 1.0.12 - CSRF to Stored XSS vulnerability CVE-2025-49541 ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-46449 WordPress WoWHead Tooltips plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability