CVE-2025-15052 MEDIUM

CVE-2025-15052: code-projects Student Information System profile.php cross site scripting

Vendor Code-Projects

Product Student Information System

Weakness CWE-79 · XSS

Published December 24, 2025

Last update December 24, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastname results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Key dates

02Disclosure timeline

December 24, 2025 CVE published

December 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-15052 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-8800 RabbitLoader – Website Speed Optimization for improving Core Web Vital metrics with Cache, Image Optimization, and more <= 2.21.0 - Reflected Cross-Site Scripting CVE-2018-14664 CVE-2025-46849 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-2720 Campcodes Complete Online DJ Booking System aboutus.php cross site scripting CVE-2025-25099 WordPress Appointment Buddy Widget By Accrete plugin <= 1.2. - Reflected Cross-Site Scripting vulnerability