CVE-2025-1597 MEDIUM

CVE-2025-1597: SourceCodester Best Church Management Software redirect.php cross site scripting

Vendor Sourcecodester

Product Best Church Management Software

Weakness CWE-79 · XSS

Published February 23, 2025

Last update February 24, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

February 23, 2025 CVE published

February 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-1597 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-0776 LinZhaoguan pb-cms Comment cross site scripting CVE-2025-22269 WordPress Real Testimonials plugin <= 3.1.6 - Cross Site Scripting (XSS) vulnerability CVE-2024-8987 Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode CVE-2019-25265 Online Inventory Manager 3.2 - Persistent Cross-Site Scripting CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode