CVE-2025-11421 MEDIUM

CVE-2025-11421: code-projects Voting System candidates_edit.php cross site scripting

Vendor Code-Projects

Product Voting System

Weakness CWE-79 · XSS

Published October 8, 2025

Last update February 24, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Key dates

02Disclosure timeline

October 8, 2025 CVE published

February 24, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11421 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-7787 Reflected XSS in ITG Computer Technology's vSRM Supplier Relationship Management System CVE-2024-2131 Move Addons for Elementor <= 1.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-32179 WordPress Maps for WP Plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability CVE-2019-18942 Stored cross site scripting CVE-2024-9222 Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.12.8 - Reflected Cross-Site Scripting