CVE-2025-12279 MEDIUM

CVE-2025-12279: code-projects Client Details System welcome.php cross site scripting

Vendor Code-Projects

Product Client Details System

Weakness CWE-79 · XSS

Published October 27, 2025

Last update October 27, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability has been found in code-projects Client Details System 1.0. This vulnerability affects unknown code of the file /welcome.php. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

October 27, 2025 CVE published

October 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12279

Related vulnerabilities

04Related CVE

CVE-2024-10725 Stored Cross-site Scripting (XSS) in phpipam/phpipam CVE-2024-35681 WordPress wpDiscuz plugin <= 7.6.18 - Cross Site Scripting (XSS) vulnerability CVE-2024-51574 WordPress Simple Goods plugin <= 0.1.3 - Stored Cross Site Scripting (XSS) vulnerability CVE-2026-10093 File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter CVE-2021-43765 Adobe Experience Manager Stored XSS in the Carousel Set