CVE-2025-13343 MEDIUM

CVE-2025-13343: SourceCodester Interview Management System editQuestion.php cross site scripting

Vendor Sourcecodester

Product Interview Management System

Weakness CWE-79 · XSS

Published November 18, 2025

Last update November 18, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Key dates

02Disclosure timeline

November 18, 2025 CVE published

November 18, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-13343 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-49151 WordPress Google Calendar Events Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS) CVE-2024-53763 WordPress Best Addons for Elementor plugin <=1.0.5 - Stored Cross Site Scripting (XSS) vulnerability CVE-2025-46496 WordPress Mini twitter feed plugin <= 3.0 - Cross Site Scripting (XSS) Vulnerability CVE-2024-56261 WordPress Project Showcase plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-5427 WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Reservation Form Shortcode