CVE-2025-1209 MEDIUM

CVE-2025-1209: code-projects Wazifa System search_resualts.php searchuser cross site scripting

Vendor Code-Projects

Product Wazifa System

Weakness CWE-79 · XSS

Published February 12, 2025

Last update February 12, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is the function searchuser of the file /search_resualts.php. The manipulation of the argument firstname/lastname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. There is a typo in the affected file name.

Key dates

02Disclosure timeline

February 12, 2025 CVE published

February 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1209

Related vulnerabilities

04Related CVE

CVE-2023-39370 StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79) CVE-2024-56014 WordPress Olivia Theme <= 0.9.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-2084 PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting CVE-2025-4392 Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function CVE-2025-11811 Simple Youtube Shortcode <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode